A policy based access control handler implements a coarse grained access control model suitable for use in proxies.
Access control rules are defined using individual access control policy entries. A user's access is defined as the union of all access control rules that apply to that user. In other words, an individual access control rule can only grant additional access and can not remove rights granted by another rule. This approach results in an access control policy which is easier to understand and audit, since all rules can be understood in isolation.
The Policy Based Access Control Handler object inherits from Access Control Handler.
The following objects belong to Policy Based Access Control Handlers:
Use the --advanced option to access advanced properties.
| Synopsis | Indicates whether the Access Control Handler is enabled. If set to FALSE, then no access control is enforced, and any client (including unauthenticated or anonymous clients) could be allowed to perform any operation if not subject to other restrictions, such as those enforced by the privilege subsystem. |
| Default Value | None |
| Allowed Values | true false |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | None |
| Advanced | No |
| Read-Only | No |
| Synopsis | Specifies the fully-qualified name of the Java class that provides the Policy Based Access Control Handler implementation. |
| Default Value | org.opends.server.authorization.policy.PolicyBasedAccessControlHandler |
| Allowed Values | A Java class that extends or implements: org.opends.server.api.AccessControlHandler |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | The object must be disabled and re-enabled for changes to take effect. |
| Advanced | Yes |
| Read-Only | No |