Schema Attribute Permissions

Owned by Alex Barth
Last updated: Dec 16, 2024
1 min read

The Austin Active Directory schema has been extended with the utexasEduAustinAuxClass and utexasEduAzureAuxClass auxiliary classes. These auxiliary classes add additional attributes to existing classes and allow additional information to be stored on objects in the Austin Active Directory. The attribute permission groups enable granular access to the attributes with easy-to-read group names.

Permission Group Naming Convention

Each attribute permission group follows the [auxiliary-class-type]-[short-object-type]-[short-attribute-name]-[permission-label] pattern. The pattern is comprised of the following components:

  • [auxiliary-class-type] - AUSTIN for attributes in the utexasEduAustinAuxClass and AZURE for attributes in the utexasEduAzureAuxClass 

  • [short-object-type] -  the shortened name of the object that the attribute permission group applies to (ex. User, Group, Computer, OU)

  • [short-attribute-name] - the shortened name of the attribute that the attribute permission group applies to (ex. Single1, Multi2, Bool3, Time4)

  • [permission-label] - the permission label for the permissions granted to the attribute permission group (see below)

Permission Labels

Label

Code

Rights

Label

Code

Rights

Peruse

P

Read permission on the attribute; may be limited by record restrictions

Read

R

Read permission on the attribute

Write

W

Read and write permissions on the attribute

Example attribute permission groups

The current permission codes would result in the following example attribute permission groups:

  • AUSTIN-User-Single11-Read - the members are allowed to read the utexasEduAustinSingle11 attribute on users

  • AUSTIN-OU-Multi12-Write - the members are allowed to read and write the utexasEduAustinMulti12 attribute on OUs

 

Confluence Documentation | Web Privacy Policy | Web Accessibility