Definition: Access Control
Access control provides a mechanism for restricting who can get access to various kinds of information in the Directory Server. The access control provider can be used to control a number of things, including:
- Whether or not a client can retrieve an entry from the server.
- Which attributes within the entry the client is allowed to retrieve.
- Which values of an attribute the client is allowed to retrieve.
- The ways in which the client is able to manipulate data in the directory.
A number of things can be taken into account when making access control decisions, including:
- The DN as which the client is authenticated.
- The method by which the client authenticated to the server.
- Any groups in which that user is a member.
- The contents of the authenticated user's entry.
- The contents of the target entry.
- The address of the client system.
- Whether or not the communication between the client and server is secure.
- The time of day and/or day of week of the attempt.
See the Controlling Access To Data documentation for details on the access control syntax used by Sun OpenDS SE.
In addition to the access control subsystem, Sun OpenDS SE also provides a privilege subsystem that can be used to control what a user will be allowed to do. One of the privileges available is the "bypass-acl" privilege, which allows a client holding it to bypass any restrictions that the access control subsystem would otherwise enforce.
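The factors listed above correspond to the bind rules of the ACI syntax that Sun OpenDS SE uses, and the "bypass-acl" privilege is assigned through the ds-privilege-name attribute. The LDIF below is an added example written for this page, not from the Sun OpenDS SE documentation; the suffix dc=example,dc=com, every DN, the group name, the subnet and the ACI labels are constructed, and the bind-rule keywords and operators (userdn, groupdn, ip, authmethod, ssf, dayofweek, timeofday) are assumed from the OpenDS ACI syntax described in the Controlling Access To Data documentation. The example goes a little beyond the text by showing one ACI per decision factor in a single modify record.

```ldif
# Added example (not from the Sun OpenDS SE documentation).
# All DNs, group names and addresses below are constructed.
dn: dc=example,dc=com
changetype: modify
add: aci
# Factor: authenticated DN + target entry + attribute list.
# Anyone (including anonymous binds) may read a few public
# attributes of user entries, and nothing else from them.
aci: (target="ldap:///ou=People,dc=example,dc=com")
  (targetattr="cn || mail || telephoneNumber")
  (version 3.0; acl "Anonymous read of public attributes";
   allow (read,search,compare) userdn="ldap:///anyone";)
-
add: aci
# Factor: the authenticated user's own entry + connection security.
# A user may change only their own password, and only when the
# connection's security strength factor is at least 128 (TLS).
aci: (target="ldap:///ou=People,dc=example,dc=com")
  (targetattr="userPassword")
  (version 3.0; acl "Self password change over a secure connection";
   allow (write) (userdn="ldap:///self" and ssf >= "128");)
-
add: aci
# Factors: group membership + client address + authentication method
#          + time of day / day of week.
# Members of the HR Admins group may update employee attributes, but
# only from the office subnet, after a simple bind, on weekdays during
# business hours. A request that fails any one condition is denied.
aci: (target="ldap:///ou=People,dc=example,dc=com")
  (targetattr="title || departmentNumber || manager")
  (version 3.0; acl "HR edits from the office during business hours";
   allow (write)
   (groupdn="ldap:///cn=HR Admins,ou=Groups,dc=example,dc=com"
    and ip="10.0.5.*"
    and authmethod="simple"
    and dayofweek="mon,tue,wed,thu,fri"
    and timeofday >= "0800" and timeofday < "1800");)
-
add: aci
# Factor: the contents of the target entry.
# Deny rules take precedence over allows: even the HR group above
# cannot write to entries flagged with the constructed attribute
# value employeeType=protected.
aci: (target="ldap:///ou=People,dc=example,dc=com")
  (targetfilter="(employeeType=protected)")
  (targetattr="*")
  (version 3.0; acl "Protected entries are read-only";
   deny (write,add,delete) userdn="ldap:///all";)

# The privilege subsystem sits beside the ACIs: an account holding
# bypass-acl is exempt from every rule above, so this is granted
# only to a dedicated administrative account, never to end users.
dn: uid=dsadmin,ou=Administrators,dc=example,dc=com
changetype: modify
add: ds-privilege-name
ds-privilege-name: bypass-acl
```

Each aci value is one attribute value; the indented continuation lines are LDIF line folding. Because denies win over allows in this model, the last ACI is the one to check first when a write that "should" work is refused, and a bypass-acl holder will not see that refusal at all, which is why that privilege deserves its own audit trail.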