Previous Topic: Disable Dynamic Roles

Next Topic: Examples: Static Groups and Roles in Democorp

Role-Based Configuration

After you have set up a group, you can add some specified attributes that restrict the searches for group members. A group used to provide restrictions in this way is called a role.

This works for both static and dynamic directory groups. You can use role-based configuration in both local and distributed directories.

For a group to hold these attributes, it needs to have the dxRoleBasedConfig auxiliary object class. dxRoleBasedConfig lets the group entry contain attributes that define the following types of restrictions:

You can also use a group to provide role-based access controls. For more information, see Access Controls.

More information:

Apply Operational Limits to a Role

Assign a Role to an Access Control Rule

set allow-search Command—Define a Search Profile


Copyright © 2009 CA. All rights reserved. Email CA about this topic