Permissions indicate the types of operations to which an access control rule applies. You can specify whether the user or group of users is allowed or not allowed to carry out a specific operation. For example, you can grant read access to targeted entries using the allow (read) permission. You can also deny access to the target entries and attributes using the deny (read) permission. You can list multiple permissions as required in the ACI.

    allow (permission1 ..., permission2, ...permissionN)
    deny (permission1 ..., permission2, ...permissionN)

You can use the following keywords in the permissions portion of ACIs.
| Keyword | Description |
|---|---|
| add | Indicates that the access control applies to |
| compare | Indicates that the access control applies to |
| delete | Indicates that the access control applies to |
| export | Indicates that the access control applies only to For |
| import | See the description for the |
| proxy | Indicates that the access control rule applies to operations that attempt to use an alternate authorization identity, such as operations that include a proxied authorization request control, an intermediate client request control with an alternate authorization identity, or a client that has authenticated with a Simple Authentication and Security Layer (SASL) mechanism that allows an alternate authorization identity to be specified. |
| read | Indicates that the access control rule applies to search result entries returned by the server. |
| search | Indicates that the access control rule applies to |
| selfwrite | Indicates that the access control rule applies to operations in which a user attempts to add or remove their own DN to the values for an attribute, such as users adding or removing themselves from groups. |
| write | Indicates that the access control rule applies to |
| all | An aggregate permission that includes all other permissions except |
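
The following is an added example, not code from this page or from the product. It extracts the allow/deny permission clause from ACI strings, checks each keyword against the table above, and flags allowed permissions a reviewer may want to confirm. The sample ACIs are constructed, the ACI syntax around the permission clause is assumed rather than taken from this page, and the `REVIEW_IF_ALLOWED` set and all function names are assumptions of this example.

```python
import re

# Permission keywords from the table on this page.
KNOWN = {"add", "compare", "delete", "export", "import", "proxy",
         "read", "search", "selfwrite", "write", "all"}
# Assumption (not from the page): keywords worth a second look when allowed.
REVIEW_IF_ALLOWED = {"all", "proxy", "write", "selfwrite"}

CLAUSE = re.compile(r"\b(allow|deny)\s*\(([^)]*)\)", re.IGNORECASE)
QUOTED = re.compile(r'"[^"]*"')

def parse_permissions(aci):
    """Return [(action, [keywords])] for every allow/deny clause in an ACI."""
    # Blank out quoted values so an ACL name such as "allow (all)" is not parsed.
    text = QUOTED.sub('""', aci)
    clauses = []
    for action, body in CLAUSE.findall(text):
        # Assumption: keywords are compared case-insensitively.
        perms = [p.strip().lower() for p in body.split(",") if p.strip()]
        clauses.append((action.lower(), perms))
    return clauses

def audit(aci):
    """Return a list of human-readable findings for one ACI string."""
    clauses = parse_permissions(aci)
    if not clauses:
        return ["no allow/deny permission clause found"]
    findings = []
    for action, perms in clauses:
        if not perms:
            findings.append(f"{action}: empty permission list")
        for p in perms:
            if p not in KNOWN:
                findings.append(f"{action}: unknown permission keyword '{p}'")
            elif action == "allow" and p in REVIEW_IF_ALLOWED:
                findings.append(f"allow: '{p}' granted, confirm it is intended")
    return findings

# Constructed sample ACIs; the syntax around the permission clause is assumed.
SAMPLES = [
    '(targetattr="*")(version 3.0; acl "Self read"; allow (read,search,compare) userdn="ldap:///self";)',
    '(targetattr="member")(version 3.0; acl "allow (all) test"; allow (selfwrite) userdn="ldap:///all";)',
    '(targetattr="*")(version 3.0; acl "Proxy app"; allow (proxy, raed) userdn="ldap:///uid=app,dc=example,dc=com";)',
]

if __name__ == "__main__":
    for aci in SAMPLES:
        print(aci, "->", audit(aci) or "ok")
```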