Permissions - PingDirectory - PingDirectoryProxy

Permissions - PingDirectory - PingDirectoryProxy - 9.0

PingDirectory

bundle

pingdirectory-90

ft:publication_title

PingDirectory

Product_Version_ce

PingDirectory 9.0

category

Product

pd-90

pingdirectory

ContentType_ce

Permissions indicate the types of operations to which an access control rule could apply.

You can specify if the user or group of users are allowed or not allowed to carry out a specific operation. For example, you can grant read access to targeted entries using the allow (read) permission. You can also deny access to the target entries and attributes using the deny (read) permission. You can list multiple permissions as required in the ACI.

allow (permission1 ...,
permission2
,...permissionN)

deny (permission1 ...,
permission2
,...permissionN)

You can use the following keywords in the permissions portion of ACIs.

Keyword	Description
`add`	Indicates that the access control applies to `add` operations.
`compare`	Indicates that the access control applies to `compare` operations and to search operations with a base-level scope that targets a single entry.
`delete`	Indicates that the access control applies to `delete` operations.
`export`	Indicates that the access control applies only to `modify DN` operations in which an entry is moved below a different parent by specifying a new superior distinguished name (DN) in the `modify DN` request. The requestor must have the `export` permission for operations against the entry's original DN. The requestor must have the `import` permission for operations against the entry's new superior DN. For `modify DN` operations that alter the relative distinguished name (RDN) of an entry but keeps it below the same parent, such as renaming the entry, only the `write` permission is required. This is true regardless of whether the entry being renamed is a leaf entry or has subordinate entries.
`import`	See the description for the `export` permission.
`proxy`	Indicates that the access control rule applies to operations that attempt to use an alternate authorization identity, such as operations that include a proxied authorization request control, an intermediate client request control with an alternate authorization identity, or a client that has authenticated with a Simple Authentication and Security Layer (SASL) mechanism that allows an alternate authorization identify to be specified.
`read`	Indicates that the access control rule applies to search result entries returned by the server.
`search`	Indicates that the access control rule applies to `search` operations with a non-base scope.
`selfwrite`	Indicates that the access control rule applies to operations in which a user attempts to add or remove their own DN to the values for an attribute, such as users adding or removing themselves from groups.
`write`	Indicates that the access control rule applies to `modify` and `modify DN` operations.
`all`	An aggregate permission that includes all other permissions except `import`, `export`, and `proxy`. This is equivalent to providing a permission of `add`, `compare`, `delete`, `read`, `search`, `selfwrite`, and `write` .