Acitve Directory(AD) or AD in Application Mode(ADAM)

Discussion in 'Active Directory' started by Sasi, Apr 8, 2004.

  1. Sasi

    Sasi Guest

    Hello

    I was working with AD & ADAM directories, I need an information regarding security for the attributes. Is there any wa
    we can define ACL's or security for the attributes such that certain users should not see certain attributes.
    Because we have different applications and certain applications are not supposed to see particular attributes. So can anyone help me to define the security

    Thanks in Advance
    Sasi
     
    Sasi, Apr 8, 2004
    #1
    1. Advertisements

  2. Yes, you can define security with attribute granularity.
    Create an ADAM group for each application, and use DSACLS to grant access to
    those groups.
    When you grant read-property or write-property access, you can specify which
    property or propSet it applies to.

    I suggest NOT to use deny aces, they usually do more what you came for. Try
    not to introduce too many ACEs, use propset-specific aces if you can help
    it.

    Security is defined well in AD docs. ADAM is the same as AD. Only schema is
    a bit smaller, so you have less attributes to worry about.

    --
    Dmitri Gavrilov
    SDE, Active Directory Core

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm

    regarding security for the attributes. Is there any way
    should not see certain attributes.
    supposed to see particular attributes. So can anyone help me to define the
    security.
     
    Dmitri Gavrilov [MSFT], Apr 8, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.