In addition to authentication (for example, by means of name and password), access protection is required for each object at the attribute level. A telephone number, for example, is an attribute that in general everybody is allowed to read. However, an attribute value such as a user password normally has restricted access. In addition, even for attributes that everyone is allowed to read, it may be acceptable for only a small number of people to be authorized to change the values.
Because there can be a multitude of different attributes in the DIT, it is too expensive to define a protection mechanism for each individual attribute type. Instead, the directory attribute DSX_A_ACL is present for each entry in the DIT. Its syntax is Object(DSX_C_GDS_ACL), referencing the GDS class DSX_C_GDS_ACL. This OM class and attribute have been added to the directory service to specify, for each category of attribute, which users are granted access. There are three categories of access: public, standard, and sensitive.
DSX_C_GDS_ACL has five OM attributes that define the read and modify access rights for these categories (there is no read attribute for the public category because every user can read public attributes; in every category, modify access implicitly grants read access):
· DSX_MODIFY_PUBLIC
Specifies the user, or group of users, that can modify attributes classified as public attributes
· DSX_READ_STANDARD
Specifies the user, or group of users, that can read attributes classified as standard attributes
· DSX_MODIFY_STANDARD
Specifies the user, or group of users, that can modify attributes classified as standard attributes
· DSX_READ_SENSITIVE
Specifies the user, or group of users, that can read attributes classified as sensitive attributes
· DSX_MODIFY_SENSITIVE
Specifies the user, or group of users, that can modify attributes classified as sensitive attributes
When GDS is configured, the ACL of the default schema contains no access rights. Every user, including the anonymous user, therefore has read and modify access to all attributes in the schema.
A master entry can be created only by a user who has write access to the naming attribute of the parent node. That user can therefore create all attributes of the entry and, using the ACL class, establish the access rights to the entry's attributes. If the user does not supply an ACL attribute when creating an entry, GDS automatically uses the ACL attribute of the parent node for the new entry.
A master entry can only be deleted by users who have write access to the naming attribute of the entry to be deleted.
A shadow entry created by means of shadow handling (refer to the OSF GDS Administration Guide and Reference) has the same ACL attribute as the corresponding master entry. This entry can therefore only be modified and deleted by the user who can also modify and delete the master entry.
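The rules above (five DSX_C_GDS_ACL attributes, public attributes readable by everyone, modify implying read, an ACL with no rights granting everyone access, and a new entry inheriting its parent's ACL) can be checked against a small model. The following is an added example written for this page, not GDS code: the real ACL is stored in DSX_A_ACL and evaluated by GDS itself, user and group references are replaced by plain strings, and the classification of attribute types into categories is a constructed table that uses the page's telephone number and user password as its public and sensitive examples.

```python
"""Model of the GDS attribute-level access categories (added example, not GDS code)."""
from dataclasses import dataclass, field
from typing import Optional

PUBLIC, STANDARD, SENSITIVE = "public", "standard", "sensitive"

# The five OM attributes of DSX_C_GDS_ACL. Each value is a set of user names,
# a constructed stand-in for the user or group references GDS stores.
ACL_ATTRIBUTES = (
    "DSX_MODIFY_PUBLIC",
    "DSX_READ_STANDARD",
    "DSX_MODIFY_STANDARD",
    "DSX_READ_SENSITIVE",
    "DSX_MODIFY_SENSITIVE",
)

MODIFY_ATTR = {PUBLIC: "DSX_MODIFY_PUBLIC",
               STANDARD: "DSX_MODIFY_STANDARD",
               SENSITIVE: "DSX_MODIFY_SENSITIVE"}
READ_ATTR = {STANDARD: "DSX_READ_STANDARD",
             SENSITIVE: "DSX_READ_SENSITIVE"}   # no read attribute for public

# Constructed classification of attribute types for this example.
ATTRIBUTE_CATEGORY = {
    "telephoneNumber": PUBLIC,
    "description": STANDARD,
    "userPassword": SENSITIVE,
}


@dataclass
class GdsAcl:
    rights: dict = field(
        default_factory=lambda: {a: set() for a in ACL_ATTRIBUTES})

    def grant(self, acl_attribute, user):
        self.rights[acl_attribute].add(user)
        return self

    def is_empty(self):
        return all(not users for users in self.rights.values())

    def can_modify(self, user, category):
        # An ACL with no access rights at all (the state of the default schema
        # after configuration) gives every user, anonymous included, full access.
        if self.is_empty():
            return True
        return user in self.rights[MODIFY_ATTR[category]]

    def can_read(self, user, category):
        if self.is_empty() or category == PUBLIC:
            return True                       # public: readable by everyone
        if self.can_modify(user, category):
            return True                       # modify implicitly grants read
        return user in self.rights[READ_ATTR[category]]


@dataclass
class Entry:
    name: str
    acl: Optional[GdsAcl] = None
    parent: Optional["Entry"] = None


def create_entry(name, parent, acl=None):
    """An entry created without its own ACL takes the ACL of the parent node."""
    if acl is None:
        acl = parent.acl
    return Entry(name, acl, parent)


def check_access(entry, user, attribute_type, operation):
    """Decide a read or modify request on one attribute of an entry."""
    category = ATTRIBUTE_CATEGORY[attribute_type]
    if operation == "read":
        return entry.acl.can_read(user, category)
    if operation == "modify":
        return entry.acl.can_modify(user, category)
    raise ValueError("operation must be 'read' or 'modify'")


def demo():
    """Constructed directory: an admin who may modify everything, an HR user
    who may read standard attributes, and an anonymous user."""
    acl = GdsAcl()
    for attr in MODIFY_ATTR.values():
        acl.grant(attr, "cn=admin,o=Example")
    acl.grant("DSX_READ_STANDARD", "cn=hr,o=Example")
    org = Entry("o=Example", acl)
    person = create_entry("cn=bob,o=Example", org)   # inherits the parent ACL
    return {
        "anon_reads_phone": check_access(person, "anonymous", "telephoneNumber", "read"),
        "anon_modifies_phone": check_access(person, "anonymous", "telephoneNumber", "modify"),
        "hr_reads_description": check_access(person, "cn=hr,o=Example", "description", "read"),
        "hr_reads_password": check_access(person, "cn=hr,o=Example", "userPassword", "read"),
        "admin_reads_password": check_access(person, "cn=admin,o=Example", "userPassword", "read"),
        "inherited_acl": person.acl is org.acl,
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {allowed}")
```

Note that an empty ACL is the permissive state the text describes for the freshly configured default schema; `GdsAcl()` with no grants reproduces it, and `GdsAcl().is_empty()` is the check an administrator would want before relying on the rights of any entry.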