The privilege subsystem works in conjunction with the access control subsystem to only allow privileged operations that are permitted by the access control configuration. The user must also have all of the necessary privileges.

You can use privileges to grant normal users the ability to perform certain tasks that, in most other directories, would only be allowed for the root user. The capabilities given to root users in the PingDirectory Server are all granted through privileges, so you can create a normal user account with the ability to perform the same actions as root users.

Administrators can also remove privileges from root users so that they are unable to perform certain types of operations. To restrict root users to only the tasks that they must perform, define multiple root users in the server with different sets of privileges.