There are three kinds of groups in CA Directory. Static and dynamic groups are very similar, and we recommend that you use one of these rather than access control groups.
A static group is an entry in the directory with a member attribute, which stores a list of the DNs of the entries that are members of this group.
If you set up static groups, you can then use static roles, to which you can assign access controls.
A dynamic group is an entry in the directory with its membership defined by an LDAP filter. All entries that satisfy this filter are members of the dynamic group.
If you set up dynamic groups, you can set up dynamic roles to which you can assign access controls.
Access control groups are defined in a configuration file. Each group includes a list of member DNs. You can assign access controls to each group.
Because the groups are in the DSA configuration, you must restart the DSA to add or delete groups, and to add or remove members from the group.
If you already use access control groups, you can keep using them. However, we recommend that for new groups, you use static or dynamic groups instead, because they are more flexible and powerful, for the following reasons:
Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |