Effective ACLs

Effective ACLs are the explicit and inherited ACLs of the selected entry. You can view the access rights for a specific effective ACL by selecting it and clicking the View button. The View access rights panel opens.

Viewing access rights

• The Rights section displays the addition and deletion rights of the subject.
  • Add child grants or denies the subject the right to add a directory entry beneath the selected entry.
  • Delete entry grants or denies the subject the right to delete the selected entry.
• The Security class section defines permissions for security classes. Attributes are grouped into security classes:
  • Normal - Normal attribute classes require the least security, for example, the attribute commonName.
  • Sensitive - Sensitive attribute classes require a moderate amount of security, for example homePhone.
  • Critical - Critical attribute classes require the most security, for example, the attribute userpassword.
  • System - System attributes are read only attributes that are maintained by the server.
  • Restricted - Restricted attributes are used to define access control.
  Each security class has permissions associated with it.
  • Read - the subject can read attributes.
  • Write - the subject can change the attributes.
  • Search - the subject can search attributes.
  • Compare - the subject can compare attributes.

Click OK to return to the Effective ACLs tab.

Click Cancel to return to the Edit ACL panel.