[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: newbie question - acl for write/read not delete or change

To: Prakash Velayutham <Prakash.Velayutham@cchmc.org>
Subject: Re: newbie question - acl for write/read not delete or change
From: Lee Jensen <lee_jensen@sento.com>
Date: Fri, 18 Mar 2005 12:33:26 -0700
Cc: OpenLDAP-software@OpenLDAP.org, rayv5n@yahoo.com
In-reply-to: <s23adf80.011@n6mcgw16.cchmc.org>
References: <s23adf80.011@n6mcgw16.cchmc.org>

I believe this is the way it works...

Access levels can be applied to entries themselves or to the attributes
of the entries or both. If you have write access to the entry it does
not necessarily imply access to modify the attributes of the entry (the
change permission you request). Write access to the entry itself grants
you the ability to rename it, delete it, and add sub objects to it.

So with this understanding I don't know if you can have what you desire.
Because if a user can add an entry he needs write access on the parent
entry which implies that he can potentially change the parent entry?

Can anyone verify my conclusions here?

Lee

On Fri, 2005-03-18 at 14:05 -0500, Prakash Velayutham wrote:
> write gives the permission to change, isn't it?
> 
> Prakash
> 
> >>> ray v <rayv5n@yahoo.com> 03/18/05 12:32 PM >>>
> Can openldap ACLs be set up to allow write and read
> but never change or delete?
> 
> 
> 
> 
> 		
> __________________________________ 
> Do you Yahoo!? 
> Yahoo! Small Business - Try our new resources site!
> http://smallbusiness.yahoo.com/resources/ 
>

References:
- Re: newbie question - acl for write/read not delete or change
  - From: "Prakash Velayutham" <Prakash.Velayutham@cchmc.org>

Prev by Date: Re: newbie question - acl for write/read not delete or change
Next by Date: Question about syntax of attribute names (not values)
Index(es):
- Chronological
- Thread