Oracle Fusion Middleware Architecture Reference for Oracle Unified Directory 11g Release 1 (11.1.1)
Privilege Subsystem

As mentioned above, root user accounts in traditional directories are special because they can bypass access controls and other restrictions, and there are some kinds of operations that only root users can perform. This is much like the concept of root users in traditional UNIX operating systems, and it often creates a bit of a paradox, because there may be cases in which a user needs to do something that only root can do. If users are given root access, then they are given far more power than they actually need to do their job, and system administrators have to hope that they use it responsibly and do not intentionally or unintentionally impact some other part of the system. Alternately, the user may not be given root access and either not be able to perform a vital function or have to get one of the system administrators to perform the task.

Solaris 10 has addressed this problem in UNIX systems by creating a privilege subsystem (also called “process rights management”). The engineers developing Solaris realized that it is dangerous and undesirable to be forced to give someone root access just to perform one specific task. For example, just because a user may need to start a process that listens on a port below 1024 does not mean that they should also be able to bypass filesystem permissions, change network interface settings, or mount and unmount file systems. With the privilege subsystem in Solaris 10, it is possible to give a user just the specific capability that they need, for example, the ability to bind to privileged ports, without giving them full root access. Similarly, it is possible to take away privileges that might otherwise be available. For example, an account that is only used to run a specific daemon does not need to be able to see processes owned by other users on the system.

The directory server has embraced this concept, and it too has a privilege subsystem that defines distinct capabilities that users might need and makes it possible to give them just the level of access that they require. Normal users may be granted privileges that they would not otherwise have, and it is even possible to take certain privileges away from root users. The set of privileges currently defined in the directory server includes:

bypass-acl

Allows the user to bypass access control evaluation

modify-acl

Allows the user to make changes to the access controls defined in the server

config-read

Allows the user to have read access to the server configuration

config-write

Allows the user to have write access to the server configuration

jmx-read

Allows the user to read JMX attribute values

jmx-write

Allows the user to update JMX attribute values

jmx-notify

* Allows the user to subscribe to JMX notifications

ldif-import

Allows the user to request the LDIF import task

ldif-export

Allows the user to request the LDIF export task

backend-backup

Allows the user to request the backend backup task

backend-restore

Allows the user to request the backend restore task

server-shutdown

Allows the user to request the server shutdown task

server-restart

Allows the user to request the server restart task

proxied-auth

Allows the user to use the proxied authorization control or request an alternate SASL authorization ID

disconnect-client

Allows the user to terminate arbitrary client connections

cancel-request

* Allows the user to cancel arbitrary client requests

unindexed-search

Allows the user to request unindexed search operations

password-reset

Allows the user to reset the passwords for other users

data-sync

* Allows the user to participate in the data synchronization environment

update-schema

Allows the user to update the server schema

privilege-change

Allows the user to change the set of privileges assigned to a user, or to change the set of default root privileges

At the present time, the privileges marked with an asterisk (*) are not yet implemented in the server and therefore have no effect.

Note that the privilege subsystem is largely independent from the access control subsystem. Unless the user also has the bypass-acl privilege, operations may still be subject to access control checking. For example, if a user has the config-read privilege, then that user can see only those parts of the configuration that are allowed by access control. As a rule, whenever an operation is covered by both the privilege subsystem and access control, both mechanisms must allow that operation.
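The following is an added example (not part of the Oracle documentation and not the server's implementation) that models the two rules stated above: a user's effective privilege set is built from default root privileges plus grants minus removals, and an operation succeeds only when both the privilege subsystem and access control allow it, with bypass-acl as the single exception. The operation-to-privilege table, the default root privilege set and the User representation are this example's own simplifications.

```python
# Added example: a minimal model of how privileges and access control combine.
# Privilege names come from the page; everything else here is a simplification.
from dataclasses import dataclass, field

# Privileges the page marks as not yet implemented: granting them has no effect.
UNIMPLEMENTED = {"jmx-notify", "cancel-request", "data-sync"}

# Privilege each operation requires (None = only access control applies).
# Assumed mapping for this example, not the server's own table.
REQUIRED_PRIVILEGE = {
    "search-indexed": None,
    "search-unindexed": "unindexed-search",
    "read-config": "config-read",
    "write-config": "config-write",
    "shutdown": "server-shutdown",
    "reset-password": "password-reset",
}

# Assumed default root privilege set for this example, not the server's real default.
DEFAULT_ROOT_PRIVILEGES = {
    "bypass-acl", "config-read", "config-write", "server-shutdown",
    "password-reset", "unindexed-search", "privilege-change",
}


@dataclass
class User:
    name: str
    is_root: bool = False
    granted: set = field(default_factory=set)  # privileges added to this user
    removed: set = field(default_factory=set)  # privileges taken away (e.g. from a root user)

    def effective_privileges(self) -> set:
        """Root users start from the default root set; normal users start from nothing."""
        base = set(DEFAULT_ROOT_PRIVILEGES) if self.is_root else set()
        return (base | self.granted) - self.removed - UNIMPLEMENTED


def is_allowed(user: User, operation: str, acl_allows: bool) -> bool:
    """Both mechanisms must permit the operation: the required privilege must be
    held, and access control must allow it unless the user holds bypass-acl."""
    privs = user.effective_privileges()
    needed = REQUIRED_PRIVILEGE[operation]
    if needed is not None and needed not in privs:
        return False  # privilege subsystem denies, regardless of ACLs
    return acl_allows or "bypass-acl" in privs
```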