Ping Identity Directory Server - Delegated Admin Resource Rights

Directory Server Documentation Index
Configuration Reference Home

Delegated Admin Resource Rights

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

Delegated Admin Resource Rights give a user, or group of users, authority to manage a specific resource type through the Delegated Admin API.

↓Relations from This Component
↓Relations to This Component
↓Properties
↓dsconfig Usage

Relations from This Component

The following components have a direct aggregation relation from Delegated Admin Resource Rights:

REST Resource Type

Relations to This Component

The following components have a direct composition relation to Delegated Admin Resource Rights:

Delegated Admin Rights

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ enabled	None
↓ rest-resource-type
↓ admin-permission
↓ admin-scope
↓ resource-subtree
↓ resources-in-group

Basic Properties

enabled

Description	Indicates whether these Delegated Admin Resource Rights are enabled. If these Delegated Admin Resource Rights are not enabled, then they are not available for authentication and authorization decisions when processing requests.
Default Value	None
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

rest-resource-type (Read-Only)

Description	Specifies the resource type applicable to these Delegated Admin Resource Rights.
Default Value	None
Allowed Values	The DN of any REST Resource Type.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

admin-permission

Description	Specifies administrator(s) permissions.
Default Value	None
Allowed Values	create - The administrator(s) can create new resources. read - The administrator(s) can read resources. update - The administrator(s) can update resources. delete - The administrator(s) can delete resources. manage-group-membership - The administrator(s) can manage the membership of group resources.
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

admin-scope

Description	Specifies the scope of these Delegated Admin Resource Rights.
Default Value	resources-in-specific-subtrees
Allowed Values	resources-in-specific-groups - The administrator(s) can manage only members of specific groups, as specified by resources-in-group. resources-in-specific-subtrees - The administrator(s) can manage only entries in specific subtrees within the search base, as specified by resource-subtree. all-resources-in-base - The administrator(s) can manage all entries under the search base.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

resource-subtree

Description	Specifies subtrees within the search base whose entries can be managed by the administrator(s). The admin-scope must be set to resources-in-specific-subtrees.
Default Value	None
Allowed Values	A valid DN.
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

resources-in-group

Description	Specifies groups whose members can be managed by the administrator(s). The admin-scope must be set to resources-in-specific-groups.
Default Value	None
Allowed Values	A valid DN.
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured Delegated Admin Resource Rights:

dsconfig list-delegated-admin-resource-rights
     [--property {propertyName}] ...

To view the configuration for an existing Delegated Admin Resource Rights:

dsconfig get-delegated-admin-resource-rights-prop
     --rest-resource-type {name}
     --rights-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Delegated Admin Resource Rights:

dsconfig set-delegated-admin-resource-rights-prop
     --rest-resource-type {name}
     --rights-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Delegated Admin Resource Rights:

dsconfig create-delegated-admin-resource-rights
     --rest-resource-type {name}
     --rights-name {name}
     --set enabled:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Delegated Admin Resource Rights:

dsconfig delete-delegated-admin-resource-rights
     --rest-resource-type {name}
     --rights-name {name}