Root DN

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.

The Root DN configuration contains all the Root DN Users defined in the Data Governance Server. In addition, it also defines the default set of privileges that Root DN Users automatically inherit.

Relations from This Component

The following components have a direct composition relation from Root Dns:

Properties

The properties supported by this managed object are as follows:


Basic Properties: default-root-privilege-name
Advanced Properties: None

Basic Properties

default-root-privilege-name

Description
Specifies the names of the privileges that root users will be granted by default.
Default Value
audit-data-security
bypass-acl
modify-acl
config-read
config-write
ldif-import
ldif-export
backend-backup
backend-restore
server-shutdown
server-restart
disconnect-client
password-reset
update-schema
privilege-change
unindexed-search
lockdown-mode
stream-values
third-party-task
use-admin-session
soft-delete-read
metrics-read
manage-topology
permit-get-password-policy-state-issues
permit-proxied-mschapv2-details
collect-support-data
file-servlet-access
Allowed Values
audit-data-security - Allows the associated user to execute data security auditing tasks.

bypass-acl - Allows the associated user to bypass all access control checks performed by the server for any type of operation.

bypass-read-acl - Allows the associated user to bypass access control checks performed by the server for bind, compare, and search operations. Access control evaluation may still be enforced for other types of operations.

modify-acl - Allows the associated user to modify the server's access control configuration.

config-read - Allows the associated user to read the server configuration.

config-write - Allows the associated user to update the server configuration. The config-read privilege is also required.

jmx-read - Allows the associated user to perform JMX read operations.

jmx-write - Allows the associated user to perform JMX write operations.

jmx-notify - Allows the associated user to subscribe to receive JMX notifications.

ldif-import - Allows the user to request that the server process LDIF import tasks.

ldif-export - Allows the user to request that the server process LDIF export tasks.

backend-backup - Allows the user to request that the server process backup tasks.

backend-restore - Allows the user to request that the server process restore tasks.

server-shutdown - Allows the user to request that the server shut down.

server-restart - Allows the user to request that the server perform an in-core restart.

proxied-auth - Allows the user to use the proxied authorization control, or to perform a bind that specifies an alternate authorization identity.

disconnect-client - Allows the user to terminate other client connections.

password-reset - Allows the user to reset user passwords.

update-schema - Allows the user to make changes to the server schema.

privilege-change - Allows the user to make changes to the set of defined root privileges, as well as to grant and revoke privileges for users.

unindexed-search - Allows the user to request that the server process a search that cannot be optimized using server indexes.

unindexed-search-with-control - Allows the user to request that the server process a search that cannot be optimized using server indexes but includes the permit unindexed search request control.

bypass-pw-policy - Allows the associated user to bypass password policy processing performed by the server.

lockdown-mode - Allows the associated user to request that the server enter or leave lockdown mode, or to perform operations while the server is in lockdown mode.

stream-values - Allows the associated user to perform a stream values extended operation to obtain all entry DNs and/or all values for one or more attributes for a specified portion of the DIT.

third-party-task - Allows the associated user to invoke tasks created by third-party developers.

use-admin-session - Allows the associated user to use an administrative session to request that operations be processed using a dedicated pool of worker threads.

soft-delete-read - Allows the associated user access to soft-deleted entries.

metrics-read - Allows the associated user access to data in the metrics backend.

manage-topology - Allows the associated user to manage the set of server instances that are part of a topology.

permit-get-password-policy-state-issues - Allows the associated user to issue a bind request that includes the get password policy state issues request control. The bind request must also include the retain identity request control.

permit-proxied-mschapv2-details - Allows the associated user to issue an UNBOUNDID-MS-CHAP-V2 SASL bind request that includes the proxied MS-CHAPv2 details request control. The bind request must also include the retain identity request control.

permit-externally-processed-authentication - Allows the associated user to issue a SASL bind request using the UNBOUNDID-EXTERNALLY-PROCESSED-AUTHENTICATION mechanism.

permit-forwarding-client-connection-policy - Allows the associated user to request that an operation be processed using a specified client connection policy.

exec-task - Allows the associated user to schedule an exec task.

collect-support-data - Allows the requester to invoke the collect-support-data tool via an administrative task or an extended operation.

file-servlet-access - Allows the requester to access the content exposed by file servlet instances that require this privilege.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action.


dsconfig Usage

To view the Root DN configuration:

dsconfig get-root-dn-prop
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the Root DN configuration:

dsconfig set-root-dn-prop
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
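
The following is an added example, not part of the product documentation: a Python check that validates a proposed default-root-privilege-name set against the values on this page (including the rule that config-write also requires config-read) and builds the matching set-root-dn-prop arguments. The function name plan_defaults, the REVIEW selection and the sample target are assumptions made for illustration.

```python
import shlex

PROP = "default-root-privilege-name"
# Default Value list from this page (27 names).
DEFAULTS = set("""
audit-data-security bypass-acl modify-acl config-read config-write ldif-import
ldif-export backend-backup backend-restore server-shutdown server-restart
disconnect-client password-reset update-schema privilege-change unindexed-search
lockdown-mode stream-values third-party-task use-admin-session soft-delete-read
metrics-read manage-topology permit-get-password-policy-state-issues
permit-proxied-mschapv2-details collect-support-data file-servlet-access
""".split())
# Allowed Values on this page that are absent from the default list.
NOT_DEFAULT = {
    "bypass-read-acl", "jmx-read", "jmx-write", "jmx-notify", "proxied-auth",
    "unindexed-search-with-control", "bypass-pw-policy", "exec-task",
    "permit-externally-processed-authentication",
    "permit-forwarding-client-connection-policy",
}
ALLOWED = DEFAULTS | NOT_DEFAULT
# Assumption (editor's selection, not a product list): privileges whose
# descriptions say they bypass a control or change identity or privileges.
REVIEW = {"bypass-acl", "bypass-read-acl", "bypass-pw-policy",
          "proxied-auth", "privilege-change"}


def plan_defaults(target):
    """Return (errors, review, argv) for moving from DEFAULTS to target."""
    target = set(target)
    errors = [f"unknown privilege: {p}" for p in sorted(target - ALLOWED)]
    if "config-write" in target and "config-read" not in target:
        errors.append("config-write also requires config-read")
    argv = ["dsconfig", "set-root-dn-prop"]
    for p in sorted(DEFAULTS - target):
        argv += ["--remove", f"{PROP}:{p}"]
    for p in sorted(target & NOT_DEFAULT):
        argv += ["--add", f"{PROP}:{p}"]
    # Emit no command when validation failed or nothing would change.
    usable = not errors and len(argv) > 2
    return errors, sorted(target & REVIEW), argv if usable else []


if __name__ == "__main__":
    # Constructed target: defaults without bypass-acl, with bypass-read-acl.
    wanted = (DEFAULTS - {"bypass-acl"}) | {"bypass-read-acl"}
    errors, review, argv = plan_defaults(wanted)
    print("errors:", errors, "| review:", review)
    print(shlex.join(argv))
```

The generated arguments follow the set-root-dn-prop syntax shown above; connection and authentication options are left out, as they are on this page.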