Determining Data Access - Netscape DIRECTORY SERVER 7.0 - DEPLOYMENT Deployment Manual


Create roles that give groups of people read or write access privileges.
For example, you might create roles for human resources, finance, or
accounting. Allow each of these roles to have read access, write access, or both
to the data needed by the group, such as salary information, government
identification number (in the US, Social Security Number), and home phone
numbers and address.

For more information about roles and grouping entries, refer to "Grouping
Directory Entries," on page 71.

As you determine who can write to the data, you may find that multiple
individuals need to have write access to the same information. For example, you
will want an information systems (IS) or directory management group to have
write access to employee passwords. You may also want the employees themselves
to have write access to their own passwords. While you generally must give
multiple people write access to the same information, try to keep this group small
and easy to identify. Keeping the group small helps ensure your data's integrity.
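
The following added example (not part of the Netscape manual) shows one way to check that the set of writers for an attribute stays small: it parses constructed ACIs written in the server's ACI syntax and lists every subject that an allow rule lets write to a given attribute. The suffix `dc=example,dc=com`, the group and role names, and the helper `writers` are assumptions; deny rules and target scoping are not evaluated, so the result is an upper bound.

```python
import re

# Constructed sample ACIs (not from the manual). The suffix, group names and
# role name are assumptions chosen for illustration.
SAMPLE_ACIS = [
    '(targetattr = "userPassword")(version 3.0; acl "Self password change"; '
    'allow (write) userdn = "ldap:///self";)',
    '(targetattr = "userPassword")(version 3.0; acl "Admins reset passwords"; '
    'allow (write) groupdn = "ldap:///cn=Directory Administrators,dc=example,dc=com";)',
    '(targetattr = "homePhone || homePostalAddress")(version 3.0; '
    'acl "HR reads home contact data"; '
    'allow (read, search, compare) roledn = "ldap:///cn=HR Role,dc=example,dc=com";)',
    '(targetattr = "*")(version 3.0; acl "Helpdesk full access"; '
    'allow (all) groupdn = "ldap:///cn=Helpdesk,dc=example,dc=com";)',
]

# Simplified grammar: one targetattr clause, one allow/deny clause per ACI.
ACI_RE = re.compile(
    r'\(targetattr\s*(!?=)\s*"([^"]*)"\).*?acl\s+"([^"]*)";\s*'
    r'(allow|deny)\s*\(([^)]*)\)\s*(.*?);\s*\)\s*$', re.S)
SUBJECT_RE = re.compile(r'(userdn|groupdn|roledn)\s*=\s*"([^"]*)"')


def writers(acis, attr):
    """Return sorted (acl name, subject) pairs whose allow rule grants write on attr.

    Deny rules and target/targetfilter scoping are ignored, so this is an
    upper bound on who can write, suitable for a review pass.
    """
    found = []
    for aci in acis:
        m = ACI_RE.match(aci.strip())
        if not m:
            raise ValueError("unparsed ACI: " + aci)
        op, attrs, name, kind, perms, bind = m.groups()
        targets = {a.strip().lower() for a in attrs.split("||")}
        hit = "*" in targets or attr.lower() in targets
        if op == "!=":          # targetattr != "a || b" targets everything except a, b
            hit = not hit
        rights = {p.strip().lower() for p in perms.split(",")}
        # "all" includes write; a wildcard targetattr covers every attribute.
        if kind == "allow" and hit and rights & {"write", "all"}:
            found += [(name, f"{k}={v}") for k, v in SUBJECT_RE.findall(bind)]
    return sorted(found)


if __name__ == "__main__":
    for name, subject in writers(SAMPLE_ACIS, "userPassword"):
        print(f"{name}: {subject}")
```

In the sample data the wildcard Helpdesk rule adds a third writer for `userPassword` and is the only writer for `homePhone`, which is the kind of broad grant that makes the writer group hard to identify.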

For information on setting access control for your directory, see Chapter 7,
"Designing a Secure Directory," on page 133.

Determining Data Access

After determining data ownership, decide who can read each piece of data. For
example, you may decide to store an employee's home phone number in your
directory. This data may be useful for a number of organizations, including the
employee's manager and human resources. You may want the employee to be able
to read this information for verification purposes. However, home contact
information can be considered sensitive. Therefore, you must determine if you
want this kind of data to be widely available across your enterprise.

For each piece of information that you store in your directory, you must decide the
following:

Can the data be read anonymously?

The LDAP protocol supports anonymous access and allows easy lookups for
common information such as office sites, email addresses, and business
telephone numbers. However, anonymous access lets anyone who can reach
the directory read that common information. Consequently, you should use
anonymous access sparingly.

Can the data be read widely across your enterprise?

Chapter 2, How to Plan Your Directory Data: Performing a Site Survey (page 35)
