From: Kurt Zeilenga Date: Thu, 10 Oct 2002 04:27:23 +0000 (+0000) Subject: Clarify new "entry" ACLs X-Git-Tag: NO_SLAP_OP_BLOCKS~895 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=dd3279eab0639a29b483ab5dbf282b8f45d3bf07;p=openldap Clarify new "entry" ACLs --- diff --git a/doc/guide/admin/slapdconfig.sdf b/doc/guide/admin/slapdconfig.sdf index 1e653232ec..f7ed62772d 100644 --- a/doc/guide/admin/slapdconfig.sdf +++ b/doc/guide/admin/slapdconfig.sdf @@ -650,11 +650,13 @@ There are two special {{psuedo}} attributes {{EX:entry}} and {{EX:children}}. To read (and hence return) an target entry, the subject must have {{EX:read}} access to the target's {{entry}} attribute. To add or delete an entry, the subject must have -{{EX:write}} access to the entry's parent's {{EX:children}} attribute. -To rename an entry, the subject must have {{EX:write}} access to -both the old parent's and new parent's {{EX:children}} attributes. -The complete examples at the end of this section should help clear -things up. +{{EX:write}} access to the entry's {{EX:entry}} attribute AND must +have {{EX:write}} access to the entry's parent's {{EX:children}} +attribute. To rename an entry, the subject must have {{EX:write}} +access to entry's {{EX:entry}} attribute AND have {{EX:write}} +access to both the old parent's and new parent's {{EX:children}} +attributes. The complete examples at the end of this section should +help clear things up. Lastly, there is a special entry selector {{EX:"*"}} that is used to select any entry. It is used when no other {{EX:}}