Data ownership refers to the person or organization that is responsible for ensuring that data is up-to-date. During the data design phase, decide who can write data to the directory. Common strategies for determining data ownership include the following:
Allow read-only access to the directory for everyone except a small group of directory content managers.
Allow individual users to manage strategic subsets of information.
These subsets of information might include their passwords, descriptive information about themselves, and their role within the organization.
Allow a person’s manager to write to some strategic subset of that person’s information, such as contact information or job title.
Allow an organization’s administrator to create and manage entries for that organization.
Organization administrators in effect become your directory content managers.
Create roles that give groups of people read or write access privileges.
For example, you might create roles for human resources, finance, or accounting. Allow each of these roles to have read access, write access, or both to the data needed by the group. This data might include salary information, government identification number, and home phone numbers and address.
For more information about roles and grouping entries, see Grouping Directory Data and Managing Attributes, Chapter 10, Directory Server Groups, Roles, and CoS, in Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide and Chapter 8, Directory Server Groups and Roles, in Sun Java System Directory Server Enterprise Edition 6.3 Reference.
As you determine who can write to the data, you might find that multiple individuals require write access to the same information. For example, an information systems or directory management group should have write access to employee passwords. You might also want all employees to have write access to their own passwords. While you generally must give multiple people write access to the same information, try to keep this group small and easy to identify. Small groups help to ensure your data’s integrity.
For information about setting access control for your directory, see Chapter 7, Directory Server Access Control, in Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide and How Directory Server Provides Access Control in Sun Java System Directory Server Enterprise Edition 6.3 Reference.