Page created: 26 Jul 2021 |
Page updated: 7 Dec 2022
The access control model uses access control instructions (ACIs) to determine what a user or a group of users can do with a set of entries, down to the attribute level.
The ACIs are stored in the
aci operational attribute. The operational
attribute can appear on any entry and affects the entry or any subentries within that
branch of the directory information tree (DIT).
Access control instructions specify four items:
- Resources are the targeted items or objects that specifies the set of entries and
operations to which the access control instruction applies. For example, you can
specify access to certain attributes, such as the
- Name is the descriptive label for each ACI. Typically, you have multiple ACIs for a given branch of your DIT. The access control name helps describe its purpose. For example, you can configure an ACI labeled "ACI to grant full access to administrators."
- Clients are the users or entities to which you grant or deny access. You can specify
individual users or groups of users using an LDAP URL. For example, you can specify a
group of administrators using the LDAP URL:
- Rights are permissions granted to users or client applications. You can grant or
deny access to certain branches or operations. For example, you can grant
writepermission to a