| Title: 4.2.4.1 - EntryACI |
| NavPrev: 4.2.4-aci-types.html |
| NavPrevText: 4.2.4 - Aci Types |
| NavUp: 4.2.4-aci-types.html |
| NavUpText: 4.2.4 - Aci Types |
| NavNext: 4.2.4.2-prescriptiveaci.html |
| NavNextText: 4.2.4.2 - Prescriptive Aci |
| Notice: Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| . |
| http://www.apache.org/licenses/LICENSE-2.0 |
| . |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| |
| # 4.2.4.1 - EntryACI |
| |
| |
| Entry ACI are access controls added to entries to protect that entry |
| specifically. Meaning the protected entry is the entry where the ACI |
| resides. When performing an operation on an entry, ApacheDS checks for the |
| presence of the multivalued operational attribute, *entryACI*. The values |
| of the entryACI attribute contain ACIItems. |
| |
| <DIV class="info" markdown="1"> |
| There is one exception to the rule of consulting entryACI attributes within |
| ApacheDS: add operations do not consult the entryACI within the entry being |
| added. This is a security precaution. (??? Check this sentence) If allowed |
| users can arbitrarily add entries where they wanted by putting entryACI |
| into the new entry being added. This could compromise the DSA. |
| </DIV> |