Changes between Version 8 and Version 9 of ALL__accounts_roles

Timestamp:

05/22/15 16:03:06 (10 years ago)

Author:

lttoth@…

Comment:

--

ALL__accounts_roles

@@ -10 +10 @@
 === iPlanet Accounts ===
 
+
+==== EDIR Web Gateway ====
+The following credentials utilized by EDIR web gateway for "anonymous" access
+        * uid=edirgw03,ou=resource,dc=alaska,dc=edu
+
+The following credentials are utilized by EDIR web gateway to access privileged information not expected to be visible to "anonymous" access but need for functions like the "This is me! Log In" link.
+        * uid=edirpriv03,ou=resource,dc=alaska,dc=edu
+
+==== AUTHSERV Web Gateway ====
+The following credentials are utilized by the AUTHSERV web gateway 
+        * uid=authserv03,ou=resource,dc=alaska,dc=edu
+
+The following credentials are utilized by AUTHSERV web gateway to access privileged information 
+        * uid=authpriv03,ou=resource,dc=alaska,dc=edu
+
+==== UPDATE ====
+The following credentials are utilized by UPDATE interface for batch processing
         * uid=edirbatch03,ou=resource,dc=alaska,dc=edu
-                credentials utilized by UPDATE interface for batch processing
-
-        * uid=edirgw03,ou=resource,dc=alaska,dc=edu
-                credentials utilized by EDIR web gateway for "anonymous" access
-
-        * uid=edirpriv03,ou=resource,dc=alaska,dc=edu
-                credentials utilized by EDIR web gateway to access privileged information 
-                not expected to be visible to "anonymous" access but need for functions 
-                like the "This is me! Log In" link.
-
-        * uid=authserv03,ou=resource,dc=alaska,dc=edu
-                credentials utilized by the AUTHSERV web gateway 
-
-        * uid=authpriv03,ou=resource,dc=alaska,dc=edu
-                credentials utilized by AUTHSERV web gateway to access privileged information 
-
+
+The following credentials are utilized by UPDATE back end to access privileged information and perform privileged tasks
         * uid=updategw03,ou=resource,dc=alaska,dc=edu
-                credentials utilized by UPDATE back end to access privileged information 
-                and perform privileged tasks
-
-Note: Most likely, AUTHSERV needs only one set of credentials.
+
+
+''Note:'' Most likely, AUTHSERV needs only one set of credentials.
 
 === iPlanet Roles ===
-        
+==== Anonymous Access ====
+The following roles are associated with ACIs allowing gateway access to non-privileged information      
         * cn=directoryGatewayRole,ou=people,dc=alaska,dc=edu
         * cn=directoryGatewayRole,ou=resource,dc=alaska,dc=edu
-                 roles associated with ACIs allowing gateway access to non-privileged information
-
+
+==== Privileged Gateway Access ====
+The following roles are associated with ACIs allowing gateway access to privileged information
         * cn=directoryPrivilegedRole,ou=people,dc=alaska,dc=edu
         * cn=directoryPrivilegedRole,ou=resource,dc=alaska,dc=edu
-                roles associated with ACIs allowing gateway access to privileged information
-
+
+==== Non-Privileged Gateway Access ====
+The following roles are associated with ACIs allowing gateway access to non-privileged information
         * cn=authserviceRole,ou=people,dc=alaska,dc=edu
         * cn=authserviceRole,ou=resource,dc=alaska,dc=edu
-                roles associated with ACIs allowing gateway access to non-privileged information
-
+
+==== Privileged AUTHSERV Access ====
+The following roles are associated with ACIs allowing authserv access to privileged information
         * cn=authservicePrivilegedRole,ou=resource,dc=alaska,dc=edu
         * cn=authservicePrivilegedRole,ou=people,dc=alaska,dc=edu
-                roles associated with ACIs allowing gateway access to privileged information
-
+
+==== UPDATE ====
+The following role is associated with ACIs allowing the update back end access to privileged information
         * (future) cn=superUserRole,ou=resource,dc=alaska,dc=edu
-                role associated with ACIs allowing the update back end access to privileged information
 
 === iPlanet ACIs ===
-
+==== Non-Privileged Gateway Role ====
+The following ACIs provide the non-privileged gateway role with read access to non-privileged information
         * EDIRGWANYCOMPARE
         * EDIRGWANYREAD
         * EDIRGWEMPREAD
         * EDIRGWSTUREAD
-                ACIs that provide the non-privileged gateway role with read access to non-privileged
-                information 
-
+ 
+==== Privileged Gateway Roles ====
+The following ACIs that provide the privileged gateway role the ability to ask true/false questions about attributes that are not otherwise visible
         * EDIRGWCOMPARE
         * EDIRGWEMPCOMPARE
         * EDIRGWSTUCOMPARE
-                ACIs that provide the privileged gateway role the ability to ask true/false
-                questions about attributes that are not otherwise visible
+                
+The following ACIs that provide the privileged gateway role with read access to privileged information          
 
         * EDIRGWPRIVREAD
-                ACIs that provide the privileged gateway role with read access to privileged 
-                information
+
+==== Non-Privileged Authservice Role ====
+The following ACIs that provide the non-privileged authserv role with read access to non-privileged information
 
         * AUTHSERVICEREAD
-                ACIs that provide the non-privileged authservice role with read access to non-privileged 
-                information
+
+==== Privileged Authservice Roles ====          
+The following ACIs that provide the privileged authserv role the ability to ask true/false questions about attributes that are not otherwise visible
 
         * AUTHSERVICEPRIVCOMPARE
-                ACIs that provide the privileged gateway role the ability to ask true/false
-                questions about attributes that are not otherwise visible
-
+
+The following ACIs that provide the privileged authserv role with read access to privileged information
         * AUTHSERVICEPRIVREAD
-                ACIs that provide the privileged authservice role with read access to privileged information
-
-        (future) SUADDDEL
-        (future) SUDENYREADSEARCHCOMPARE
-        (future) SUDENYWRITE
-        (future) SUREADWRITE
-                ACIs that provide (or deny) the privileged superuser role with read/write access
-                to privileged information
-
-
+
+==== Privileged Superuser Role ====
+Not Implemented:  The following ACIs would have provided (or denied) the privileged superuser role with read/write access to privileged information     
+       * SUADDDEL
+       * SUDENYREADSEARCHCOMPARE
+       * SUDENYWRITE
+       * SUREADWRITE
 
 == UNIX GROUPS AND MEMBER ACCOUNTS ==
@@ -240 +245 @@
                 '''Note:''' Historically, all grants on OPS$SXLDAP objects are made to the 
                 EDIR_GATEWAY via the SQL source scripts for creating the objects.  We haven't
-                been utilizing the role.  See eklutnat:~sxldap/local/ldap/registry/*.sql
+                been utilizing the role.  See eklutnat:~sxldap/local/ldap/registry/*.sql[[br]]