Search

Chapter 8. Checking access rights on entries using Get Effective Rights search

download PDF

As an administrator, you can find and control access rights that a user has on attributes within a specific entry.

Get effective rights (GER) is a way to extend directory searches to display what access rights a user has to a specified entry. You can specify the following rights:

  • Read
  • Write and self-write
  • Search
  • Add
  • Delete

Checking effective rights on an entry is beneficial in the following situations:

  • You can use the GER commands to better organize access control instructions for the directory. It is often necessary to restrict what one group of users can view or edit compared to another group. For example, members of the QA Managers group may have the right to search and read attributes like manager and salary but only HR Group members have the right to modify or delete them. Checking effective rights for a user or group is one way to verify that an administrator sets the appropriate access controls.
  • You can use the GER commands to see what attributes you can view or modify on your personal entry. For example, a user should have access to attributes such as homePostalAddress and cn but may only have read access to manager and salary attributes.

The getEffectiveRights search uses the following entities:

  • The requester. It is the authenticated entry when the getEffectiveRights search issues an operation.
  • The subject whose rights you will evaluate. It is defined as authorization DN in the GER control.
  • The target. You define it by the search base, search filter, and attribute list of the request.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.