<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Directory Server (LDAP) - Roles</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<a name="rzahyroles"></a>
<h4 id="rzahyroles">Roles</h4>
<p>Role-based authorization is a conceptual complement to group-based
authorization, and is useful in some cases. As a member of a role, you have
the authority to do what the role requires in order to accomplish a job.
Unlike a group, a role comes with an implicit set of permissions. There is
no built-in assumption about what permissions are gained (or lost) by being
a member of a group.</p>
<p>Roles are similar to groups in that they are represented in the directory
by an object. Additionally, roles contain a group of DNs. Roles that are
to be used in access control must have an objectclass of 'AccessRole'. The
'AccessRole' objectclass is a subclass of the 'GroupOfNames' objectclass.</p>
<p>For example, if there is a collection of DNs such as 'sys admin', your
first reaction might be to think of them as the 'sys admin group' (since groups
and users are the most familiar types of privilege attributes). However, since
there is a set of permissions that you would expect to receive as a member
of 'sys admin', the collection of DNs can be more accurately defined as the
'sys admin role'.</p>
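<p>The role and group distinction described above, as an added example that is not part of the original IBM page: a short Python script that reads LDIF entries and reports which ones qualify as access-control roles (objectclass 'AccessRole') rather than plain 'GroupOfNames' groups. The sample LDIF, all DNs and the helper names are constructed for illustration, and the DN comparison is deliberately simplified.</p>

```python
# Added example. The LDIF below is constructed sample data; all DNs are hypothetical.
SAMPLE_LDIF = """\
dn: cn=sys admin,ou=roles,o=example
objectclass: GroupOfNames
objectclass: AccessRole
cn: sys admin
member: cn=Alice,ou=people,o=example
member: cn=Bob,ou=people,
 o=example

dn: cn=printer users,ou=groups,o=example
objectclass: GroupOfNames
cn: printer users
member: cn=Alice,ou=people,o=example
"""

def parse_ldif(text):
    """Return a list of entries, each a dict of lower-cased attribute -> values."""
    entries = []
    # Unfold continuation lines (newline + one space); base64 '::' values are not handled.
    for block in text.replace("\n ", "").strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def normalize_dn(dn):
    """Simplified DN comparison: lower-case, trim around commas (no escape handling)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def is_access_role(entry):
    """True if the entry carries the AccessRole objectclass (matched case-insensitively)."""
    return "accessrole" in {v.lower() for v in entry.get("objectclass", [])}

def roles_for(user_dn, entries):
    """DNs of AccessRole entries that list user_dn as a member."""
    wanted = normalize_dn(user_dn)
    return [e["dn"][0] for e in entries
            if is_access_role(e)
            and wanted in {normalize_dn(m) for m in e.get("member", [])}]

if __name__ == "__main__":
    for e in parse_ldif(SAMPLE_LDIF):
        print(e["dn"][0], "->", "role" if is_access_role(e) else "group only")
```

<p>Alice belongs to both entries, but only 'sys admin' is reported as a role, because the second entry is a 'GroupOfNames' without 'AccessRole'.</p>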
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>