Oracle Fusion Middleware Architecture Reference for Oracle Unified Directory 11g Release 1 (11.1.1)

Assigning Privileges to Normal Users

By default, normal users are not granted any of the privileges listed above. Therefore, if a user should be allowed to perform any of the associated operations, they must be granted the appropriate privileges. This can be done by adding the ds-privilege-name operational attribute to the user's entry.

Note - Adding a privilege with a value such as modify-acl is not sufficient for granting a user the right to add, replace, or delete an ACI. Appropriate access control for the user to modify the ACI for another entry is also required. See ACI Syntax for more information.

ds-privilege-name is a multivalued attribute, and if a user is to be given multiple privileges, then a separate value should be used for each one. When the virtual attribute subsystem is in place, it should also be possible to grant privileges to groups of users automatically by making ds-privilege-name a virtual attribute in those user entries.

As an example, the following modification can be used to add the proxied-auth privilege to the user cn=Proxy User,dc=example,dc=com:

dn: cn=Proxy User,dc=example,dc=com
changetype: modify
add: ds-privilege-name
ds-privilege-name: proxied-auth
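
Because a privilege is granted by nothing more than an LDIF change to `ds-privilege-name`, change files are worth reviewing before they are applied. The following sketch is an added example, not part of the Oracle documentation: it lists every (DN, privilege) pair an LDIF file would grant. The names `privilege_grants` and `SAMPLE` are hypothetical, and the sample records are constructed.

```python
import base64

ATTR = "ds-privilege-name"

# Constructed sample change file, not taken from a real directory.
SAMPLE = """\
dn: cn=Proxy User,dc=example,dc=com
changetype: modify
add: ds-privilege-name
ds-privilege-name: proxied-auth
ds-privilege-name: modify-acl

dn: cn=Plain User,dc=example,dc=com
changetype: modify
delete: ds-privilege-name

dn: cn=Folded User,dc=example,dc=com
changetype: add
ds-privilege-name: proxied-
 auth
"""

def _lines(text):
    """Unfold continuation lines (newline + one space) and drop comments."""
    text = text.replace("\r\n", "\n").replace("\n ", "")
    return [l for l in text.split("\n") if not l.startswith("#")]

def _split(line):
    """Return (lowercased attribute, value); 'attr:: v' values are base64."""
    name, _, rest = line.partition(":")
    if rest.startswith(":"):
        rest = base64.b64decode(rest[1:].strip()).decode("utf-8")
    return name.strip().lower(), rest.strip()

def privilege_grants(ldif_text):
    """Return sorted (dn, privilege) pairs that the LDIF would grant."""
    grants, dn, changetype, op_attr = set(), None, None, None
    for line in _lines(ldif_text) + [""]:
        name, value = _split(line)
        if not line.strip():                      # blank line ends the record
            dn = changetype = op_attr = None
        elif name == "dn":
            dn = value
        elif name == "changetype":
            changetype = value.lower()
        elif changetype == "modify" and name in ("add", "replace", "delete"):
            op_attr = None if name == "delete" else value.lower()
        # Records without a changetype are treated as content entries (assumption).
        elif name == ATTR and dn and (changetype in (None, "add") or op_attr == ATTR):
            grants.add((dn, value.lower()))       # lowercased for comparison (assumption)
    return sorted(grants)
```
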