Policy Based Access Control Handler

A policy based access control handler implements a coarse grained access control model suitable for use in proxies.

Access control rules are defined using individual access control policy entries. A user's access is defined as the union of all access control rules that apply to that user. In other words, an individual access control rule can only grant additional access and can not remove rights granted by another rule. This approach results in an access control policy which is easier to understand and audit, since all rules can be understood in isolation.

Parent

The Policy Based Access Control Handler object inherits from Access Control Handler.

Dependencies

The following objects belong to Policy Based Access Control Handlers:

Basic Properties

enabled

SynopsisIndicates whether the Access Control Handler is enabled. If set to FALSE, then any client (including unauthenticated or anonymous clients) is allowed to bind to the server and any connection with the "bypass-acl" privilege is allowed to perform any operation.
Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced

No

Read-Only

No

Advanced Properties

Use the --advanced option to access advanced properties.

java-class

SynopsisSpecifies the fully-qualified name of the Java class that provides the Policy Based Access Control Handler implementation.
Default Value

org.opends.server.authorization.policy.PolicyBasedAccessControlHandler

Allowed Values

A Java class that extends or implements:

  • org.opends.server.api.AccessControlHandler

Multi-valued

No

Required

Yes

Admin Action Required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-Only

No

Read a different version of :