The following rights can be allowed or denied in an ACI permission statement:
Permission to read directory data. This permission applies only to the search operation.
Permission to modify an entry by adding, modifying, or deleting attributes. This permission applies to the modify and modify DN operations.
Permission to create entries. This permission applies only to the add operation
Permission to delete entries. This permission applies only to the delete operation.
Permission to search for directory data. Users must have Search and Read rights in order to view the data returned as part of a search result. This permission applies only to the search operation.
Permission for users to compare data they supply with data stored in the directory. With compare rights, the directory returns a success or failure message in response to an inquiry, but the user cannot see the value of the entry or attribute. This permission applies only to the compare operation.
Permission for users to add or delete their own DN in an attribute of the target entry. The syntax of this attribute must be distinguished name. This right is used only for group management. The Selfwrite permission works with proxy authorization; it grants the right to add or delete the proxy DN from the group entry (not the DN of the bound user).
Permission for the specified DN to access the target with the rights of another entry. You can grant proxy access using the DN of any user in the directory except the Directory Manager DN. You cannot grant proxy rights to the Directory Manager.
Permission for an entry to be imported to the specified DN. This permission applies the modify DN operation.
Permission for an entry to be exported from the specified DN. This permission applies the modify DN operation.
Permission for the specified DN to have the following rights for the targeted entry: read, write, search, delete, compare, and selfwrite. The All access right does control permission for the following rights to the target entry: proxy, import, and export.