Ability to edit an Access Control Instruction (ACI).




Try This:

Edit one of the existing ACI using Netscape Console.


See Setting Access Control using the Server Console in the Admin Guide.

 

Editing ACIs

 

Creating A New ACI

To create a new ACI, do the following:

1.  Login to Netscape Console using the Administrative login.  If you followed the suggestions in 
     the Installation module, the login and password should both be admin.

2.  On the Directory Server Console, select the Directory tab. 

3.  Right-click the entry in the navigation tree for which you want to set access control, and select 
     Set Access Permissions from the pop-up menu. 
 

 
4.  Click New. The Set Access Permissions dialog box appears. 

The table on the Set Access Permissions dialog box lists the access control rules (ACRs) defined for this ACI.  By default, the first ACR denies access to everyone with the exception of the root DN (Directory Manager). 

5.  Click ACI Attributes.  The Select Attributes dialog appears. 

6.  If you want to change the name of the ACI, type the new name in the ACI Name text box.  The 
     name can be any string you want to use to uniquely identify the ACI.  The name is optional.  If 
     you do not enter a name, the server uses "unknown". 

7.  The Target text box contains the DN of the entry you selected in the Directory navigation tree.  
     You may enter a new target if you want.  Remember, the ACI you define applies to the target 
     entry and all subentries in the directory tree. If you use the suffix, for example, o=airius.com 
     as the target, the ACI applies to the entire directory tree. 

The target must be a valid DN.  You can use the default "is" to set a target that is equal to the DN you enter or select "is not" to set a target that is not equal to the DN you enter.  If the DN you target contains a comma as part of its value, you must escape the comma with a single backslash (\). 

8.  You may enter a search filter in the Target Filter text box.  You can use the default "is" to set a 
      target filter that is equal to the value you enter or select "is not" to set a target filter that is not 
      equal to the value you enter. 

9.  You may enter an attribute to target in the Target Attribute text box. By default, all attributes (*) 
      are targeted.  You can use the default "is" to set a target attribute that is equal to the value you 
      enter or select "is not" to set a target attribute that is not equal to the value you enter.  If you 
      want to enter more than one attribute, separate the attributes with a double-pipe "||".  Click OK 
      to return to the Set Access Permissions dialog box. 

10.  You can check or modify the LDIF syntax of the ACI by clicking View/Edit Syntax. This 
       displays the Edit ACI Syntax dialog box.  Click OK to return to the Set Access Permissions 
       dialog box. 

11.  To edit an ACR in the table, double-click the cell to display a dialog box for entering additional 
       information. 

     

Editing an Existing ACI

To edit an existing ACI, do the following:

1.  Login to Netscape Console using the Administrative login.  If you followed the suggestions in 
     the Installation module, the login and password should both be admin.

2.  On the Directory Server Console, select the Directory tab. 

3.  Right-click the entry in the navigation tree for which you want to edit access control, and select 
     Set Access Permissions from the pop-up menu. A dialog appears prompting you to select the
     ACI you want to edit. Select the ACI and click OK. The Set Access Permissions dialog box 
     appears.  The Set Access Permissions dialog box contains the ACRs and other information 
     about the ACI. 

4.  Make the desired changes to the various areas of the Set Access Permissions dialog box. 
     Click OK when you have finished editing the ACI. 
 

Deleting an Existing ACI

To delete an ACI or ACR, do the following:

1.  Login to Netscape Console using the Administrative login.  If you followed the suggestions in 
     the Installation module, the login and password should both be admin.

2.  On the Directory Server Console, select the Directory tab. 

3.  Right-click the entry in the navigation tree from which you want to remove the ACI, and select 
     Set Access Permissions from the pop-up menu. A dialog appears prompting you to select an 
     ACI. 

If you want to delete an entire ACI, select the ACI you want to delete and click Delete. You are done. If you only want to remove an ACR from the ACI: 

  • Select the ACI in the list and click OK.  The Set Access Permissions dialog box appears.
  • Select the ACR in the table and click Delete Rule and then click OK. The ACR is deleted immediately. There is no undo.

Copyright © 2000
Sun-Netscape Alliance