Users can modify a list of common attributes in their own entries, including the mail, telephoneNumber, userPassword, and seeAlso attributes. Operational and most of the security attributes, such as aci, nsroledn, and passwordExpirationTime, cannot be modified by users.

Users have anonymous access to the directory for search, compare, and read operations.

The administrator (by default uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot) has all rights except proxy rights.

All members of the Configuration Administrators group have all rights except proxy rights.

All members of the Directory Administrators group have all rights except proxy rights.

Server Instance Entry (SIE) group.

All members of the Configuration Administrators group have all rights on the NetscapeRoot subtree except proxy rights.

Users have anonymous access to the NetscapeRoot subtree for search and read operations.

All authenticated users have search, compare, and read rights to configuration attributes that identify the Admin Server.

Group expansion.