Accumulating Privileges Using Extended Schema

The Extended Schema Authentication mechanism supports Privilege Accumulation from different privilege objects associated with the same user through different Association Objects. In other words, Extended Schema Authentication accumulates privileges to allow the user the super set of all assigned privileges corresponding to the different privilege objects associated with the same user.

Figure 7-2 provides an example of accumulating privileges using Extended Schema.

Figure 7-2. Privilege Accumulation for a User

Domain 1

Domain 2

iA01iA02

Group1 Priv1

Priv2

User1

User2

iDRAC1

iDRAC2

The figure shows two Association Objects—iA01 and iA02. User1 is associated to iDRAC2 through both association objects. Therefore, User1 has accumulated privileges that are the result of combining the privileges set for objects Priv1 and Priv2 on iDRAC2.

Using the iDRAC6 Directory Service

151

Page 151
Image 151
Dell IDRAC6 manual Accumulating Privileges Using Extended Schema, 151