G.5. Setting Access Controls
G.5.1. Granting Admin Privileges to Users for Directory Server and Administration Server
adminuser for the Administration Server and similar to the
cn=Directory Manageruser in Directory Server (though not exactly the same as the Directory Manager, which is a special user).
- Highlight a server in the Console navigation tree.
- Select the Object menu, and choose Set Access Permissions.Alternatively, right-click the entry, and choose Set Access Permissions.
- Clickto add a new user to the list of administrators for the server. The default users,
Directory Managerfor the Directory Server and
adminfor the Administration Server, are not listed in the Set Permissions Dialog box.
- Search for the users to add as an administrators. In the results, highlight the selected users, and clickto add them to the administrators list.For more information on searching for users and groups, see Section G.4.1, “Searching for Users and Groups”.
- Click OK to add the names to the Set Permissions Dialog list, then click OK again to save the changes and close the dialog.
G.5.2. Setting Access Permissions on Console Elements
- User and Groups Tab (viewing)
- User and Groups Tab (editing)
- Topology Tab (editing)
- Custom View Tab (editing)
- Server Security (editing)
- Enabling anonymous access
- Default anonymous access
- Configuration administrator's modifications
- Enabling group expansions
- SIE (host) group permissions
- In the top menu, selectand then .
- Select the Console element from the list, and click thebutton.
- In the ACI Manager window, click the button.The five inherited ACIs are not displayed by default; to see them listed, click the Show inherited ACIs check box.
- Configure the ACI by setting, at a minimum, the users to which it applies and the rights which are allowed. To configure the ACI in the wizard (visually):
More complex ACIs may not be able to be edited visually; in those cases, click thebutton, and configure the ACI entry directly.Use thebutton to validate the ACI.
- Enter a name for the ACI in the ACI Name field.
- In the Users/Groups tab, click the button to open the search window. Search for and add the users to which apply the ACI.Select the users from the results list and click thebutton to include them. Click to save the list.
- In the Rights tab, specify which operations are permitted as part of this ACI.To hide a Console element entirely from the selected users, groups, and hosts, clickto block any access.
- Optionally, set the target entry in the subtree, hostnames, or times of day where the ACI is in effect.
- Click OK to save the ACI.
- Restart Red Hat Management Console to apply the new ACI.