How Role-Based Access Controls Work

If you have set up a role, then you can assign that role to one or more access control rules. All members of that role then inherit those access control rules. This works for both static and dynamic roles.

This lets you manage security for large numbers of users.

When role-based access controls are in use, the following occurs:

  1. A user sets up a binding with a DSA.
  2. The DSA searches all roles in the Role subtree, looking for the user's DN in the member and uniqueMember attributes of any entry with the groupOfNames or groupOfUniqueNames object classes.
  3. The DSA uses the names returned by this search as the roles for that user for the duration of this binding, and uses them in access control decisions.

Note: Before you can use role-based access controls, you must set up roles in the directory.
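
The three steps above, modeled as an added example (not the product's own code). It runs over a constructed in-memory directory; the DNs, the `Binding` class, and the simplified DN normalization (no escaped commas) are assumptions made for illustration.

```python
# Added illustration: simplified in-memory model of the role lookup described above.
ROLE_CLASSES = {"groupofnames": "member", "groupofuniquenames": "uniquemember"}

def norm_dn(dn):
    """Simplified DN normalization: lowercase, trim spaces around each RDN part."""
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1)).lower()
                    for rdn in dn.split(","))

def is_under(dn, base):
    d, b = norm_dn(dn), norm_dn(base)
    return d == b or d.endswith("," + b)

def resolve_roles(entries, role_base, user_dn):
    """Step 2: search the Role subtree for entries that list user_dn as a member."""
    user = norm_dn(user_dn)
    roles = set()
    for entry in entries:
        if not is_under(entry["dn"], role_base):
            continue  # only entries in the Role subtree count as roles
        attrs = {k.lower(): v for k, v in entry.items()}
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        for oc, member_attr in ROLE_CLASSES.items():
            if oc in classes and user in map(norm_dn, attrs.get(member_attr, [])):
                roles.add(norm_dn(entry["dn"]))
    return frozenset(roles)

class Binding:
    """Steps 1 and 3: roles are resolved once at bind and kept for the binding."""
    def __init__(self, entries, role_base, user_dn):
        self.roles = resolve_roles(entries, role_base, user_dn)

    def allowed(self, rule_roles):
        # An access control rule applies if the user holds any role assigned to it.
        return bool(self.roles & {norm_dn(r) for r in rule_roles})

# Constructed sample directory (hypothetical DNs).
ROLE_BASE = "ou=Roles,o=Example"
DIRECTORY = [
    {"dn": "cn=HelpDesk,ou=Roles,o=Example", "objectClass": ["groupOfNames"],
     "member": ["cn=Ann Lee,ou=Staff,o=Example"]},
    {"dn": "cn=Auditors,ou=Roles,o=Example", "objectClass": ["groupOfUniqueNames"],
     "uniqueMember": ["CN=ann lee, OU=Staff, O=Example"]},
    {"dn": "cn=Admins,ou=Groups,o=Example", "objectClass": ["groupOfNames"],
     "member": ["cn=Ann Lee,ou=Staff,o=Example"]},  # outside the Role subtree
]
```

In this model, a membership change made after the bind does not alter `Binding.roles`; the new membership is picked up only when the user binds again, which follows from step 3.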

More information:

Set Up Groups and Roles