Beginning with Delegated Admin 3.5.0 and PingDirectory 7.3.0.1, you can set user access to standard
and constructed attributes to read-only or read/write. You should restrict access to constructed
attributes to read-only. Read-only attributes do not appear on the UI pages that are associated
with the creation of users, groups, and other objects.
Use the dsconfig tool to set a standard or constructed attribute as read-only.
dsconfig set-delegated-admin-attribute \
--type-name users \
--attribute-type modifyTimestamp \
--set mutability:read-only
The following example resets a standard or constructed attribute from read-only to read/write.
dsconfig set-delegated-admin-attribute \
--type-name users \
--attribute-type modifyTimestamp \
--reset mutability