content/apacheds/advanced-ug/4.2.1-introduction.mdtext - directory-site - Git at Google

 Title: 4.2.1 - Introduction
 NavPrev: 4.2-authorization.html
 NavPrevText: 4.2 - Authorization
 NavUp: 4.2-authorization.html
 NavUpText: 4.2 - Authorization
 NavNext: 4.2.2-definitions.html
 NavNextText: 4.2.2 - Definitions
 Notice: Licensed to the Apache Software Foundation (ASF) under one
     or more contributor license agreements.  See the NOTICE file
     distributed with this work for additional information
     regarding copyright ownership.  The ASF licenses this file
     to you under the Apache License, Version 2.0 (the
     "License"); you may not use this file except in compliance
     with the License.  You may obtain a copy of the License at
     .
     http://www.apache.org/licenses/LICENSE-2.0
     .
     Unless required by applicable law or agreed to in writing,
     software distributed under the License is distributed on an
     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
     KIND, either express or implied.  See the License for the
     specific language governing permissions and limitations
     under the License.

 # 4.2.1 - Introduction

 First of all, one has to understand that Authorization in this context
 involves four components. The principle is :

 <DIV class="info" markdown="1">
  grants <b>Users</b> authorization to proceed some <b>Action</b> on a set of
 <b>Items</b> in a defined <b>Area</b>
 </DIV>

 Let's define the four components.

 **Users** :

 > the set of entity being able to do some action. It can be every user,
 > the entry owner, a list of users, members of a group or a selection in the
 > DIT. Basically, a **user** is defined as an entry in the DIT.

 **Action** :

 > Generally speaking, a grant or denial to do something, depending on the
 > selected item (read, delete, etc).

 **Items** :
 > An **item** is an element of the DIT. It can be an Entry, an
 > AttributeType, some AttributeValues. It can also define some constraints
 > that will apply on the selected entries.

 **Area** :

 > It defines the set of entries on which the defined ACI applies. It can
 > be the whole DIT, a part of the DIT, a selection of entries, an Entry.

 We implement those elements using **ACI**s.

 The following chapters will present you the system inside out.
	Title: 4.2.1 - Introduction
	NavPrev: 4.2-authorization.html
	NavPrevText: 4.2 - Authorization
	NavUp: 4.2-authorization.html
	NavUpText: 4.2 - Authorization
	NavNext: 4.2.2-definitions.html
	NavNextText: 4.2.2 - Definitions
	Notice: Licensed to the Apache Software Foundation (ASF) under one
	or more contributor license agreements. See the NOTICE file
	distributed with this work for additional information
	regarding copyright ownership. The ASF licenses this file
	to you under the Apache License, Version 2.0 (the
	"License"); you may not use this file except in compliance
	with the License. You may obtain a copy of the License at
	.
	http://www.apache.org/licenses/LICENSE-2.0
	.
	Unless required by applicable law or agreed to in writing,
	software distributed under the License is distributed on an
	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	KIND, either express or implied. See the License for the
	specific language governing permissions and limitations
	under the License.

	# 4.2.1 - Introduction

	First of all, one has to understand that Authorization in this context
	involves four components. The principle is :

	<DIV class="info" markdown="1">
	grants <b>Users</b> authorization to proceed some <b>Action</b> on a set of
	<b>Items</b> in a defined <b>Area</b>
	</DIV>

	Let's define the four components.

	Users :

	> the set of entity being able to do some action. It can be every user,
	> the entry owner, a list of users, members of a group or a selection in the
	> DIT. Basically, a user is defined as an entry in the DIT.

	Action :

	> Generally speaking, a grant or denial to do something, depending on the
	> selected item (read, delete, etc).

	Items :
	> An item is an element of the DIT. It can be an Entry, an
	> AttributeType, some AttributeValues. It can also define some constraints
	> that will apply on the selected entries.

	Area :

	> It defines the set of entries on which the defined ACI applies. It can
	> be the whole DIT, a part of the DIT, a selection of entries, an Entry.

	We implement those elements using ACIs.

	The following chapters will present you the system inside out.