Red Hat Directory Server 8.0 Administrator's Guide

• Assigning rights

3.3.1. Allowing or Denying Access

You can either explicitly allow or deny access permissions to the directory tree.

NOTE

From the Directory Server Console, you cannot explicitly deny access, only grant

permissions.

3.3.2. Assigning Rights

Rights detail the specific operations a user can perform on directory data. You can allow or deny

all rights, or you can assign one or more of the following rights:

Right Description

Read Indicates whether users can read directory

data. This permission applies only to the

search operation.

Write Indicates whether users can modify an entry

by adding, modifying, or deleting attributes.

This permission applies to the modify and

modrdn operations.

Add Indicates whether users can create an entry.

This permission applies only to the add

operation.

Delete Indicates whether users can delete an entry.

This permission applies only to the delete

operation.

Search Indicates whether users can search for the

directory data. Users must have Search and

Read rights in order to view the data returned

as part of a search result. This permission

applies only to the search operation.

Compare Indicates whether the users can compare

data they supply with data stored in the

directory. With compare rights, the directory

returns a success or failure message in

response to an inquiry, but the user cannot

see the value of the entry or attribute. This

permission applies only to the compare

Defining Permissions

181