
Re: ACL : give a user the right to create objects, but to modify only those he created



François Beretti writes:
> I want to give my users the right to create objects of a given class, 
> without giving them the right to modify those created by other users.
> For the second part I can use the creatorsName attribute, but I don't 
> know how I can make a difference between the right to create an entry 
> and the right to modify it.

See OPERATION REQUIREMENTS in slapd.access(5):

     The add operation requires  write  (=w)  privileges  on  the
     pseudo-attribute  entry  of the entry being added, and write
     (=w) privileges on  the  pseudo-attribute  children  of  the
     entry's parent.

     The modify operation requires write (=w) privileges  on  the
     attributes being modified.

-- 
Hallvard
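
One way to express this split in slapd.conf, added here as an illustration and not part of the original message: the container DN ou=items,dc=example,dc=com is a placeholder, and the second rule assumes slapd has already set creatorsName on a new entry when the add is checked, which should be verified on the version in use.

```conf
# Constructed example; ou=items,dc=example,dc=com is a placeholder DN.
# ACLs are evaluated in order: the first <what> that matches is used, and
# within it the first matching <who> clause decides.

# 1. Creating: write on the parent's "children" pseudo-attribute.
#    This alone does not permit changing the container's own attributes.
access to dn.base="ou=items,dc=example,dc=com" attrs=children
    by users write

# 2. The entries directly below the container, all attributes including
#    the "entry" pseudo-attribute.
#    dnattr=creatorsName matches when the bound DN is listed in the
#    entry's creatorsName, so only the creator gets write; every other
#    authenticated user gets read.
#    Assumption: creatorsName is already set on a new entry when the add
#    is checked, so the same clause also supplies the "entry" write that
#    the add operation needs.
access to dn.onelevel="ou=items,dc=example,dc=com"
    by dnattr=creatorsName write
    by users read

# Weak variant, for contrast: combined with rule 1 this would let any
# authenticated user modify or delete entries created by others.
# access to dn.onelevel="ou=items,dc=example,dc=com"
#     by users write
```

slapacl(8) can be used to check what a given bind DN is granted on an entry before the rules go live.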