4.2.1 - Introduction

Authorization in this context involves four components. The principle is:

Grant Users authorization to perform some Action on a set of Items in a defined Area

Let's define the four components.

Users:

The set of entities able to perform an action. It can be every user, the entry owner, a list of users, members of a group, or a selection in the DIT. Basically, a user is defined as an entry in the DIT.

Action:

Generally speaking, a grant or denial to do something, depending on the selected item (read, delete, etc.).

Items:

An item is an element of the DIT. It can be an Entry, an AttributeType, or some AttributeValues. It can also define constraints that apply to the selected entries.

Area:

It defines the set of entries to which the defined ACI applies. It can be the whole DIT, a part of the DIT, a selection of entries, or a single Entry.

We implement those elements using ACIs.
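
As an added illustration (not part of the original page), the LDIF below shows how the four components map onto an access control subentry, assuming the X.501-style ACIItem notation used by ApacheDS. The `dc=example,dc=com` suffix, the subentry name and the precedence value are constructed sample values.

```ldif
# Constructed sample: suffix, names and precedence are illustrative only.
# Assumes the X.501-style ACIItem notation used by ApacheDS.
#
# Area   -> subtreeSpecification: "{}" selects the whole administrative
#           area rooted at the subentry's parent (dc=example,dc=com here).
# Users  -> userClasses { allUsers }
# Items  -> protectedItems { entry, allUserAttributeTypesAndValues }
# Action -> grantsAndDenials { grantRead, grantReturnDN, grantBrowse }
dn: cn=enableSearchForAllUsers,dc=example,dc=com
objectClass: top
objectClass: subentry
objectClass: accessControlSubentry
cn: enableSearchForAllUsers
subtreeSpecification: {}
prescriptiveACI: { identificationTag "enableSearchForAllUsers",
  precedence 14,
  authenticationLevel simple,
  itemOrUserFirst userFirst: {
    userClasses { allUsers },
    userPermissions { {
      protectedItems { entry, allUserAttributeTypesAndValues },
      grantsAndDenials { grantRead, grantReturnDN, grantBrowse }
    } }
  } }
```

In this notation the ACIItem itself names only the Users, Items and Action; the Area comes from the subentry's `subtreeSpecification`, so reviewing how far a grant reaches means reading both attributes together.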

The following chapters present the system inside out.