You must include a specific or general GRANT record in the AUTHORIZ CONFIG file for each directory manager to whom you are giving the ability to create directory entries. If it is a specific GRANT record, it grants authority only to create directory entries. If it is a general GRANT record, it can grant authority that is more general.
Note: The GRANT record you need to include depends on the method of creating new directory entries that you want your directory managers to use.
In addition to the authorities listed in the following table, you also need to include the *NEWUSRS authorization on a GRANT record to allow your site’s directory managers to create directory entries. For more information about using the *NEWUSRS authorization, see Granting Authorization to Create User ID.
Note: For more information about the GRANT record and how to use it, see GRANT Record in the chapter "Configuration File Reference" in the Reference Guide.
|
Command to Create User ID |
Type of Authority |
GRANT Record Authority Requirements for a Directory Manager |
|---|---|---|
|
ADDENTRY |
Create directory entries with a skeleton |
ADDENTRY SKELETON |
|
|
Create directory entries without a skeleton |
ADDENTRY NOSKEL |
|
EDIT† |
Create user IDs only |
EDIT *NEWUSRS |
|
|
General manage |
EDIT *NEWUSRS |
|
MAINT |
Create directory entries only |
MAINTMAN NEWUSER |
|
|
General manage |
MAINTMAN *NEWUSRS |
|
MANAGE |
Create directory entries only |
MANSEL01 *NEWUSRS |
|
|
General manage |
MANAGE *NEWUSRS |
|
MULTIPLE |
Create directory entries only |
MULTIPLE NEWUSER |
|
|
General manage |
MULTIPLE *NEWUSRS |
|
† It is not recommended that directory managers generally be authorized to use this command. |
||
|
Copyright © 2014 CA.
All rights reserved.
|
|