CONFIGURING


Target scope
When you select a category as a target in the Target box, you use the Scope of Target box to specify whether a subject's access settings apply only to documents at that category or also to documents under subcategories as well.

About this task

Keep This container and all descendants (the default) selected to apply the subject's access settings to documents under the selected target category as well as to documents under subcategories. Select This container only to apply the subject's access settings to documents under the selected target category only.

You select a scope for each subject with access at a target category.

Example of using This container and all descendants as a target scope

About this task

Suppose you want users who access the database through the -Default- entry to see any Person and Group document in the directory but no other type of document. You could do the following:


Example of using This container only as a target scope

About this task

Suppose the names of documents in your company fall under the organization O=Acme or one of the organizational units OU=East or OU=West. You want to deny the group Admins/Acme all access to documents in the directory except documents at O=Acme. You want to allow the group all access to documents at O=Acme. You could give the group Admins/Acme Editor access in the database ACL with all database ACL privileges and administration roles. At / (root) deny Admins/Acme all access and select This container and all descendants. At O=Acme allow Admins/Acme all access and select This container only as the scope. Admins/Acme deny access set at / (root) continues to apply to OU=East and OU=West.

Related concepts
Elements of an extended ACL
Setting up and managing an extended ACL
Extended ACL