Sun Directory Server Enterprise Edition 7.0 Administration Guide

ACI “Write Subscribers”


Note –

By setting this permission, you are also granting users the right to delete attribute values.


In LDIF, to grant Example.com subscribers the right to update their home telephone number, you would write the following statement:


aci: (targetattr="homePhone")
 (version 3.0; acl "Write Subscribers"; allow (write)
 userdn= "ldap://self" and authmethod="ssl";)

This example assumes that the aci is added to the ou=subscribers,dc=example, dc=com entry, and that users must bind using SSL.

Note that Example.com subscribers do not have write access to their home address because they might delete that attribute. The home address is business-critical information that Example.com needs for billing purposes.