Setting an attribute to read-only - PingDirectory

Page created: 15 Jul 2022 |

Page updated: 20 Jan 2023

| 1 min read

9.2 Product PingDirectory Delegated Administration Directory Capability Product documentation Content Type Administration User task Configuration System Administrator Administrator Audience IT Administrator Software Deployment Method

Beginning with Delegated Admin 3.5.0 and PingDirectory 7.3.0.1, you can set user access to standard and constructed attributes to read-only and read/write. You should restrict access to constructed attributes to read-only. Read-only attributes do not appear on the UI pages that are associated with the creation of users groups and other objects.

Use the dsconfig tool to set a standard or constructed attribute as read-only.

dsconfig set-delegated-admin-attribute \
  --type-name users  \
  --attribute-type modifyTimestamp  \
  --set mutability:read-only

The following example resets a standard or constructed attribute from read-only to read/write.

dsconfig set-delegated-admin-attribute \
  --type-name users  \
  --attribute-type modifyTimestamp  \
  --reset mutability