[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: too many permissions in the ACM

To: robert byrne <robert.byrne@Sun.COM>
Subject: Re: too many permissions in the ACM
From: Mark Davidson <markd@pwd.hp.com>
Date: Fri, 13 Jul 2001 10:23:15 +0100
Cc: ietf-ldapext@netscape.com
Organization: Hewlett-Packard
References: <H00002a208d279ad.0995005886.hpopd.pwd.hp.com@MHS>

Hi,

> To help a bit, I have included a previous mail where I outlined the
> functionality each permission provides and includes a proposal to drop
> two of the permissions ("t" and "p") with an explanation of why I think
> that
> would be acceptable.

I agree with Robert about removing 't' and 'p' and would also remove a
few others
(although not as many as before).

'c' (compare) is a special case of 's' (search), so if I wanted to stop
the compare
operation with an ACI I would also have to stop search. Otherwise, if
compare is 
denied, but not search, then I would just issue a baseObject search
using an equality
filter and get the same information. So I would drop 'c' and leave 's'
to control 
compare.

'i' import and 'e' export seem to be related to 'a' add and 'd' delete.
Does the list
think that we need to tell the difference between adding and deleting
entries and 
moving them? If not, then 'i' and 'e' can go and add can replace import
and delete 
replace export in section 5.6 (Modify DN Operation).

Mark

Prev by Date: XXX Site of the year
Next by Date: Interested in Making 25,000 a wk. THIS YEAR?
Index(es):
- Chronological
- Thread