Ping Identity Directory Server - Delegated Admin Rights

Directory Server Documentation Index
Configuration Reference Home

Delegated Admin Rights

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

A Delegated Admin Rights defines a user, or group of users, who can manage resources through the Delegated Admin API.

↓Relations from This Component
↓Properties
↓dsconfig Usage

Relations from This Component

The following components have a direct composition relation from Delegated Admin Rights:

Delegated Admin Resource Rights

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ enabled	None
↓ admin-user-dn
↓ admin-group-dn

Basic Properties

enabled

Description	Indicates whether the Delegated Admin Rights is enabled. If a Delegated Admin Rights is not enabled, then it is not available for authentication and authorization decisions when processing requests.
Default Value	None
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

admin-user-dn

Description	Specifies the DN of an administrative user who has authority to manage resources. Either admin-user-dn or admin-group-dn must be specified, but not both.
Default Value	None
Allowed Values	A valid DN.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

admin-group-dn

Description	Specifies the DN of a group of administrative users who have authority to manage resources. Either admin-user-dn or admin-group-dn must be specified, but not both.
Default Value	None
Allowed Values	A valid DN.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured Delegated Admin Rights:

dsconfig list-delegated-admin-rights
     [--property {propertyName}] ...

To view the configuration for an existing Delegated Admin Rights:

dsconfig get-delegated-admin-rights-prop
     --rights-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Delegated Admin Rights:

dsconfig set-delegated-admin-rights-prop
     --rights-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Delegated Admin Rights:

dsconfig create-delegated-admin-rights
     --rights-name {name}
     --set enabled:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Delegated Admin Rights:

dsconfig delete-delegated-admin-rights
     --rights-name {name}