After you have set up a group, you can add some specified attributes that restrict the searches for group members. A group used to provide restrictions in this way is called a role.
This works for both static and dynamic directory groups. You can use role-based configuration in both local and distributed directories.
For a group to hold these attributes, it needs to have the dxRoleBasedConfig auxiliary object class. dxRoleBasedConfig lets the group entry contain attributes that define the following types of restrictions:
You can add the following attributes to a role:
For more information about operation limits, see Limit Operations.
You can add the attribute dxAllowSearch to a role. This attribute specifies the name of a search profile. Search Profiles are defined by the set allow-search command.
You can also use a group to provide role-based access controls. For more information, see Access Controls.
Copyright © 2009 CA. All rights reserved. | Email CA about this topic |