Page created: 22 Jul 2020 |
Page updated: 1 Feb 2021
The special abilities that root users have are granted through privileges. Privileges can be assigned to root users in two ways:
- By default, root users may be granted a specified set of privileges. Note that it is
possible to create root users which are not automatically granted these privileges by
ds-cfg-inherit-default-root-privilegesattribute with a value of FALSE in the entries for those root users.
- Individual root users can have additional privileges granted to them, and/or some automatically-granted privileges may be removed from that user.
The set of privileges that are automatically granted to root users is controlled by the
default-root-privilege-nameproperty of the Root DN configuration object. By default, this set of privileges includes:
The privileges not granted to root users by default includes:
The set of default root privileges can be altered to add or remove values as necessary. Doing
so will require the
privilege-change privileges, as well as either the
bypass-acl privilege or sufficient permission granted by the access control
configuration to make the change to the server's configuration.