Large Number of Access Control Rules - PingDirectory

Large Number of Access Control Rules - PingDirectory - 8.1

PingDirectory

bundle

pingdirectory-81

ft:publication_title

PingDirectory

Product_Version_ce

PingDirectory 8.1

category

Product

pd-81

pingdirectory

ContentType_ce

Page created: 14 May 2020 |

Page updated: 22 Jul 2020

| 1 min read

Product PingDirectory 8.1 Directory Capability Product documentation Content Type Administration User task IT Administrator Administrator Audience Software Deployment Method Configuration

As the number of access control rules increases, so does the potential costs of determining whether a client is allowed to request a given operation and of paring down search result entries based on the data that the client is permitted to access. In addtion, the server may need to re-evaluate all access control rules after certain update operations (including modify DN operations) to determine whether these may be affected by the change.

In many cases, deployments with an extremely large number of access control rules (especially those with large numbers of branches in which the same structure may be repeated across each of these branches) may be able to leverage parameterized ACIs to dramatically reduce the number of access control rules that need to be defined and evaluated. In other cases, it may be possible to refactor the access control configuration to achieve the same effect but with far fewer rules.