[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL to deny deletes but allow entry creation.



> Hi,
>
> I am working on an application where we want to grant an admin account
> the privileges to create new entries, but prevent any further changes
> (or deletes) to the entry by the admin account.  I have looked through
> the docs and the faqs for this, and I am pretty sure that this is not
> possible.  The simile folks relate this with, is the ability to grant
> insert privileges to an account in mysql, but restrict selects,
> updates etc..  Before I tell the developers that this is not possible,
> I wanted to check with you folks first.  Have Any of you encountered
> similar situations?  How do others deal with cases like this?

man slapd.access(5), see in detail the "a" (add) and "z" privileges.  To
determine what you need to apply the privileges, please carefully read the
section "OPERATION REQUIREMENTS".

p.