Access Control Model (III)

• Examples:

  • a user is defined as policyOwner:policyOwner: 1.2.3#subtree#access-id#cn=Mister X
  • a group may read, search and compare an Attribute in a subbtree:ldapACI: 1.2.3#subtree#grant;r,s,c;attribute attr1#group#cn=o=University,c=HU
  • a Roleoccupant may add entries in subtree and mya read, search and compare attributes 2 and 3:ldapACI: 1.2.3#subtree#grant;a;collection:[entry]# role#cn=SysAdmins,o=CompanyldapACI: 1.2.3#subtree#grant;r,s,c;attribute:attr2# role#cn=SysAdmins,o=Company ldapACI: 1.2.3#subtree#grant;r,s,c;attribute:attr3# role#cn=SysAdmins,o=Company

Previous slide

Next slide

Back to first slide

View graphic version