[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Granting rights based on relationships



At 03:41 PM 6/7/00 -0400, Mark Valence wrote:
>While we're talking about ACLs and ACIs, here's what I'd like to be 
>able to do.  I'd like to grant rights based on (dynamic) 
>relationships between the subject and the object.  Like grant access 
>to my boss's secretary, or to all my brother's children.  My boss 
>might change, or his secretary might change, so I don't want to 
>hard-code a DN.  Likewise, my brother might have a new kid, I don't 
>want to have to update my list (or use a group) when his object 
>contains this info.

Something like:

access to dn="cn=me..." attrs=entry,title
 by dnattr=manager/secretary write
 by dnattr=brother/children read