DIRECTORY SERVICES
The following figure shows the target scope "This container and all descendants" selected for the subject Admins/Acme at the / (root) target.
You select a scope for each subject with access at a target category.
Example of using "This container and all descendants" as a target scope
Suppose you want users who access the database through the -Default- entry to see any Person and Group document in the directory but no other type of document. You could do the following:
Example of using "This container only" as a target scope
Suppose the names of documents in your company fall under the organization O=Acme or one of the organizational units OU=East or OU=West. You want to deny the group Admins/Acme all access to documents in the directory except documents at O=Acme. You want to allow the group all access to documents at O=Acme. You could give the group Admins/Acme Editor access in the database ACL with all database ACL privileges and administration roles. At / (root) deny Admins/Acme all access and select "This container and all descendants." At O=Acme allow Admins/Acme all access and select "This container only" as the scope. Admins/Acme deny access set at / (root) continues to apply to OU=East and OU=West.
The following figure illustrates these access settings.
Related topics