Re: ACL : give a user the right to create objects, but to modify only those he created

[François Beretti <francois.beretti@enatel.com>]

Hallvard B Furuseth wrote:

> François Beretti writes:
>  
>
> > I want to give my users the right to create objects of a given class, 
> > without giving them the right to modify those created by other users
> > For the second part I can use the creatorsName attribute, but I don't 
> > know how I can make a deifference between the right to create an entry 
> > and the right to modify it.
> >    
>
> See OPERATION REQUIREMENTS in slapd.access(5):
>
>     The add operation requires  write  (=w)  privileges  on  the
>     pseudo-attribute  entry  of the entry being added, and write
>     (=w) privileges on  the  pseudo-attribute  children  of  the
>     entry's parent.
>
>     The modify operation requires write (=w) privileges  on  the
>     attibutes being modified.
>
>  
According what you say, the right to add an entry implies the right to 
modify it and to delete it.
So if every user can create these entries, then every user can delete it.

François