DIRECTORY SERVICES


Extended ACL: example 1
The Acme company uses this name hierarchy within its IBM® Lotus® Domino™ Directory: the organization O=Acme, and two organizational units below it, OU=Sales and OU=Engineering. The Acme company wants to prevent users registered under OU=Sales from accessing documents within OU=Engineering, and wants to prevent users registered under OU=Engineering from accessing documents within OU=Sales. Acme does the following to accomplish these security goals:

1. Sets the -Default- access in the Domino Directory database ACL to Reader.

2. Denies the subject */Sales/Acme all access to the target OU=Engineering.

3. Denies the subject */Engineering/Acme all access to the target OU=Sales.

See also