[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Granting rights based on relationships
At 03:41 PM 6/7/00 -0400, Mark Valence wrote:
>While we're talking about ACLs and ACIs, here's what I'd like to be
>able to do. I'd like to grant rights based on (dynamic)
>relationships between the subject and the object. Like grant access
>to my boss's secretary, or to all my brother's children. My boss
>might change, or his secretary might change, so I don't want to
>hard-code a DN. Likewise, my brother might have a new kid, I don't
>want to have to update my list (or use a group) when his object
>contains this info.
Something like:
access to dn="cn=me..." attrs=entry,title
by dnattr=manager/secretary write
by dnattr=brother/children read