|
|
|
Under the base directory, apnmLoginRights entries are stored. These entries contain advanced user permissions data. For each NM login user, you can create an apnmLoginRights entry and specify the NM contacts that the login can notify, read, or update. You do this by specifying the attributes nmNotifyContacts, nmReadContacts, and nmUpdateContacts with the appropriate NM contact names.
Also under the base directory, you can optionally establish two subdirectories, and use them to assign permissions to many logins, and/or for many contacts. For example, you can create an organizational unit entry named nmContactTeams and put all apnmContactPerson entries together into teams of contacts under this entry. You can also create an organizational unit entry named nmLoginTeams and put all apnmLoginPerson entries together into teams of logins under this entry.
Constructing contact teams allows you to assign user permissions to a specific login for all the contacts under the particular team DN hierarchy for whom the login can notify, read, or update. You do this by filling the attributes of nmNotifyContactTeams, nmReadContactTeams, and nmUpdateContactTeams with the corresponding contact team DN value.
Constructing login teams allows you to assign user permissions to a team of logins. You do this by filling the attribute nmLoginTeam with the corresponding login team DN values. All logins specified under the particular team DN hierarchy are given the permissions at once.
Using this directory structure, your site can explicitly set the permissions that each login name has for each contact. Your site can also organize the contacts and logins into teams and assign the permissions to these teams at the same time. The number of data entry tasks varies depending on the approach you take, but you are able to maintain precise control, regardless of approach.
The following is a partial sample directory structure:
| Copyright © 2012 CA. All rights reserved. |
|