HP-UX Directory Server 8.1 deployment guide
Figure 4-8 Directory branching for example isp
After creating the initial structure of their directory tree, they create additional branches as
follows:
Figure 4-9 Extended branching for example isp
Both the enterprise and the hosting organization design their data hierarchies based on information
that is not likely to change often.
4.2.2.4 Access control considerations
Introducing a hierarchy into the directory tree can be used to enable certain types of access
control. As with replication, it is easier to group similar entries, then administer them from a
single branch.
It is also possible to enable the distribution of administration through a hierarchical directory
tree. For example, to give an administrator from the marketing department access to the marketing
entries and an administrator from the sales department access to the sales entries, design the
directory tree according to those divisions.
Access controls can be based on the directory content rather than the directory tree. The filtered
mechanism can define a single access control rule stating that a directory entry has access to all
entries containing a particular attribute value. For example, set an ACI filter that gives the sales
administrator access to all the entries containing the attribute value ou=Sales.
4.2 Designing the directory tree 45