- By default, root users may be granted a specified set of privileges. Note that it is
possible to create root users which are not automatically granted these privileges by
ds-cfg-inherit-default-root-privilegesattribute with a value of FALSE in the entries for those root users.
- Individual root users can have additional privileges granted to them, and/or some automatically-granted privileges may be removed from that user.
default-root-privilege-nameproperty of the Root DN configuration object. By default, this set of privileges includes:
The set of default root privileges can be altered to add or remove values as necessary. Doing
so will require the
privilege-change privileges, as well as either the
bypass-acl privilege or sufficient permission granted by the access control
configuration to make the change to the server's configuration.