[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL for multiple groups

To: openldap-software@OpenLDAP.org
Subject: ACL for multiple groups
From: <eg_ymc@stu.ust.hk>
Date: Fri, 26 Jan 2001 23:19:19 +0800
User-agent: IMHO/0.97.1 (HKUST Webmail 1.0b)

Dear all,

I have to develop a directory for multiple groups. Each group has different access control rights. If a user is a member of several groups, which access control right should he have? Does he have the greatest right among all group (say, the write right is greater than the read)?

For example, John is a member of sales group and a member of senior manager group (see the table).
__________________________________________
John DN: uid = john, ou = staff, dc=abc, dc=com
He has right to compare customer information 
__________________________________________
Sales DN: ou=sales, dc=abc, dc=com
member: uid = john, ou = staff, dc=abc, dc=com
This group has right to read customer information 
__________________________________________
Sales DN: ou=senior manager, dc=abc, dc=com
member: uid = john, ou = staff, dc=abc, dc=com
This group has right to write customer information 
__________________________________________

When John logins , what is the access right of John?

Follow-Ups:
- Re: ACL for multiple groups
  - From: Pierangelo Masarati <masarati@aero.polimi.it>
- Re: ACL for multiple groups
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: some questions about Open-LDAP's backend database.
Next by Date: Re: ACL for multiple groups
Index(es):
- Chronological
- Thread