| Exit Print View | |
Sun OpenDS Standard Edition 2.2 Administration Guide |
|
|
|
Starting and Stopping Your Server Instance
Configuring the Server Instance
Configuring the Proxy Components
Configuring Security Between Clients and Servers
Configuring Security Between the Proxy and the Data Source
Configuring Servers With the Control Panel
Managing Global ACIs With dsconfig
Granting Write Access to Personal Entries
Granting a Group Full Access to a Suffix
Granting Rights to Add and Delete Group Entries
Allowing Users to Add or Remove Themselves From a Group
Granting Conditional Access to a Group
Defining Permissions for DNs That Contain a Comma
The Get Effective Rights Control
Using the Get Effective Rights Control
Understanding Effective Rights Results
Restricting Access to the Get Effective Rights Control
Controlling access to directory contents is an integral part of creating a secure directory service. Access to data is managed with access control instructions (ACIs) that specify the access right to individual entries, all sub-entries below an entry, or all entries on a global basis.
Numerous or complicated ACIs require greater processing resources than a few simple ACIs. You can significantly reduce the performance of your directory by specifying a large number of ACIs or extremely complicated ACIs.
Sun OpenDS Standard Edition includes the ability to view the effective rights of a given user for a given entry. This feature simplifies the administration of the complex and powerful access control mechanism.
For an overview of the ACI model, see Access Control Principles in Sun OpenDS Standard Edition 2.2 Architectural Reference.
The following sections describe how to create ACIs to control access to data:
|
|