4.2.1 - Introduction¶
First of all, one has to understand that Authorization in this context involves four components. The principle is :
Let's define the four components.
the set of entity being able to do some action. It can be every user, the entry owner, a list of users, members of a group or a selection in the DIT. Basically, a user is defined as an entry in the DIT.
Generally speaking, a grant or denial to do something, depending on the selected item (read, delete, etc).
An item is an element of the DIT. It can be an Entry, an AttributeType, some AttributeValues. It can also define some constraints that will apply on the selected entries.
It defines the set of entries on which the defined ACI applies. It can be the whole DIT, a part of the DIT, a selection of entries, an Entry.
We implement those elements using ACIs.
The following chapters will present you the system inside out.