Re: access given to parent entry

> To make it short, "by self[n] write", recycling the "self" clause, or
> "ancestor[n]", with "self" given by n=0 and "parent" given by n=1?

I think that, for symmetry, something similar should be done for the
regular "dn" type in both <what> and <who> clause, e.g. a version of
"onelevel" with a specified level:

access to dn.level[3]="dc=foo,dc=com"
    by dn.level[2]="dc=bar,dc=com" write

I recall something similar being mentioned some time ago; something of
that kind should have been discussed for ACI scope as well.

Maybe the "{n}" syntax is preferable to "[n]".


Pierangelo Masarati

