set reg-user Command—Configure Registered User Access Level Rights

This command grants specified access rights at the registered user access level, to specified users, over a specified scope.

Access rights granted at this access level can be taken away by access control rules defined at the protected items access level.

Access control rules are effective only if you enable access controls.

This command has the following format:

set reg-user [tag] = {
 users
 scope
 [attrs = attribute-list]
 [auth-level = simple | ssl-auth]
 [perms = permission-list]
 [validity = [start hhmm end hhmm] [on day]]
};

Example: Give Read Access to All Users in a Subtree

In the following example, all the users in the R&D subtree can read the Democorp subtree:

set reg-user "R&D-Users" = {
 user-subtree = <c "AU"><o "Democorp"><ou "R&D">
 subtree = <c "AU"><o "Democorp">
};

Example: Give Read Access to an Entry

In the following example, all users in the group staff have read privileges on the Democorp entry:

set reg-user "democorp-staff" = {
 group = "staff"
 entry = <c "AU"><o "Democorp">
};

Example: Let All Users Read Some Attributes in Their Own Entry

The following example lets any user in the subtree AU/Democorp view only the selected attributes in their entry:

set reg-user = {
 own-entry
 subtree = <c "AU"><o "Democorp">
 attrs = telephoneNumber, commonName, surname, title, mhsORAddresses, odEmail
};

Example: Let All Users Read and Modify Some Attributes

In this example, all Democorp users can browse all entries in the subtree Democorp; however, when they read or search for an entry in the subtree, only those attributes that you declare are visible.

The users also have modify privileges on the listed attributes for all entries in the subtree:

set reg-user "self-view" = {
 user-subtree = <c "AU"><o "Democorp">
 subtree = <c "AU"><o "Democorp">
 attrs = telephoneNumber, commonName, surname, title, mhsORAddresses, dcEmail
 perms = modify
};
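
The following is an added example, not part of the CA documentation: a Python script that parses `set reg-user` blocks in the format shown above and flags rules for review. The two checks (no `attrs` list, `modify` without `auth-level = ssl-auth`) are an assumed review policy, the `hr-edit` rule and `hr` group are constructed, and the parser assumes one field per line.

```python
import re

# Constructed sample: two rules adapted from this page plus one hypothetical
# rule ("hr-edit", group "hr") that uses the optional auth-level field.
SAMPLE = '''
set reg-user "R&D-Users" = {
 user-subtree = <c "AU"><o "Democorp"><ou "R&D">
 subtree = <c "AU"><o "Democorp">
};
set reg-user "self-view" = {
 user-subtree = <c "AU"><o "Democorp">
 subtree = <c "AU"><o "Democorp">
 attrs = telephoneNumber, commonName, surname, title
 perms = modify
};
set reg-user "hr-edit" = {
 group = "hr"
 subtree = <c "AU"><o "Democorp">
 attrs = title
 auth-level = ssl-auth
 perms = modify
};
'''

# The tag is optional, as in the page's untagged own-entry example.
RULE = re.compile(r'set\s+reg-user\s*(?:"([^"]*)")?\s*=\s*\{(.*?)\}\s*;', re.S)

def parse_rules(text):
    """Return one dict per set reg-user block: tag plus its key/value fields."""
    rules = []
    for tag, body in RULE.findall(text):
        fields = {}
        for line in filter(None, map(str.strip, body.splitlines())):
            key, sep, value = line.partition("=")
            # Bare keywords such as own-entry have no "=" and are stored as flags.
            fields[key.strip()] = value.strip() if sep else True
        rules.append({"tag": tag or "(untagged)", **fields})
    return rules

def audit(text):
    """Flag rules to review (assumed policy, not a product requirement)."""
    findings = []
    for r in parse_rules(text):
        perms = [p.strip() for p in str(r.get("perms", "")).split(",") if p.strip()]
        if "attrs" not in r:
            findings.append((r["tag"], "no attrs list: grant is not limited to named attributes"))
        if "modify" in perms and r.get("auth-level") != "ssl-auth":
            findings.append((r["tag"], "modify granted without auth-level = ssl-auth"))
    return findings
```

Calling `audit(SAMPLE)` reports `R&D-Users` for the missing attribute list and `self-view` for the modify grant; `hr-edit` passes both checks.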

More information:

Groups and Roles


Copyright © 2009 CA. All rights reserved.