CONFIGURING
About this task
Keep This container and all descendants (the default) selected to apply the subject's access settings to documents under the selected target category as well as to documents under subcategories. Select This container only to apply the subject's access settings to documents under the selected target category only.
You select a scope for each subject with access at a target category.
Example of using This container and all descendants as a target scope
Suppose you want users who access the database through the -Default- entry to see any Person and Group document in the directory but no other type of document. You could do the following:
Suppose the names of documents in your company fall under the organization O=Acme or one of the organizational units OU=East or OU=West. You want to deny the group Admins/Acme all access to documents in the directory except documents at O=Acme. You want to allow the group all access to documents at O=Acme. You could give the group Admins/Acme Editor access in the database ACL with all database ACL privileges and administration roles. At / (root) deny Admins/Acme all access and select This container and all descendants. At O=Acme allow Admins/Acme all access and select This container only as the scope. Admins/Acme deny access set at / (root) continues to apply to OU=East and OU=West.
Related concepts Elements of an extended ACL Setting up and managing an extended ACL Extended ACL