Previous Topic: Set Up the Example Access Control Policy

Next Topic: Role-Based Access Controls in a Router System

How Role-Based Access Controls Work

If you have set up a role, then you can assign that role to one or more access control rules. All members of that role then inherit those access control rules. This works for both static and dynamic roles.

This lets you manage security for large numbers of users.

When role-based access controls are in use, the following occurs:

  1. A user sets up a binding with a DSA.
  2. The DSA searches all roles in the Role subtree, looking for the user's DN in the member and uniqueMember attributes of any entry with the groupOfNames or groupofUniqueNames object classes.
  3. The DSA uses the names returned by this search as the roles for that user for the duration of this binding, and uses them in access control decisions.

Note: Before you can use role-based access controls, you must set up roles in the directory.

More information:

Set Up Groups and Roles


Copyright © 2009 CA. All rights reserved. Email CA about this topic