30 lines
1.5 KiB
HTML
30 lines
1.5 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<html>
|
|
<head>
|
|
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
|
|
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
|
|
|
|
<title>Dynamic groups and nested group support</title>
|
|
</head>
|
|
|
|
<BODY>
|
|
<!-- Java sync-link -->
|
|
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
|
|
|
|
<h6><a name="secldapdyn"></a>Dynamic groups and nested group support (Version 5.1.1 or later)</h6>
|
|
|
|
<p><em>Dynamic groups</em> contain a group name and membership criteria:</p>
|
|
|
|
<ul>
|
|
<li>The group membership information is as current as the information on the user object.</li>
|
|
<li>Manually maintaining members on the group object is not necessary.</li>
|
|
<li>Dynamic groups are designed so application does not need a large amount of information from the directory to find out if someone is a member of a group.</li>
|
|
</ul>
|
|
|
|
<p><em>Nested groups</em> enable the creation of hierarchical relationships that are used to define inherited group membership. A nested group is defined as a child group entry whose distinguished name (DN) is referenced by a parent group entry attribute.</p>
|
|
|
|
<p>Dynamic and nested groups simplify WebSphere Application Server - Express security management and increase its effectiveness and flexibility. You only need to assign a larger parent group if all nested groups share the same privilege. Assigning a role to a single parent group simplifies the runtime authorization table.</p>
|
|
|
|
</body>
|
|
</html>
|