The special abilities that root users have are granted through privileges.
You can assign privileges to root users in two ways:
- By default, root users can be granted a specified set of privileges.Note:
You can create root users which are not automatically granted these privileges by including the
ds-cfg-inherit-default-root-privilegesattribute with a value of
FALSEin the entries for those root users.
- You can grant additional privileges to individual root users and remove some automatically-granted privileges from individual root users.
default-root-privilege-name property of the root distinguished name
(DN) configuration object controls the set of privileges that are automatically granted to
root users. By default, these privileges include:
The privileges not granted to root users by default include:
You can change the set of default root privileges to add or remove values as necessary.
This requires the
privilege-change privileges, and either the
privilege or sufficient permission granted by the access control configuration to change the