Previous Topic: set ssl-auth-bypass-entry-check Command

Next Topic: set syntax-alias Command

set super-user Command—Configure Super User Access Level Rights

This command grants all access rights (permissions) at the super user access level, to specified users. The scope is a user's own entry, or own subtree, or the whole directory.

Access rights granted at this access level cannot be taken away by other access control rules.

Access control rules are effective only if you enable access controls.

This command has the following format:

set super-user [tag] = { 
users 
[auth-level	= simple | ssl-auth]
[validity	= [start hhmm end hhmm] [on day]]
};

Example: Give Super User Privileges to One User

The following command defines a single user with super user privileges:

set super-user "dsa-manager" = {
 user = <c "AU"><o "Democorp"><commonName "DSA manager">
};

Example: Give Users Super User Rights to Their Own Entry Only

The following command gives all users in the domain of this DSA super user privileges on their own entry from 0800 hours to 1800 hours on Monday (day 1) to Friday (day 5):

set super-user "self" = { own-entry
 validity = ( start 0800 end 1800 on 12345 )
};

When you include this command in an access.dxc file that multiple DSAs source, all users in the domains of those DSAs will have super user privileges on their own entries.

The own-entry and own-subtree options are the only types of super user rule that do not grant the user access to all parts of the DSA.

More information:

Groups and Roles


Copyright © 2009 CA. All rights reserved. Email CA about this topic