Hi, if you explicitely deny access to everyone you cannot override this foe a single user as deny always has precedence. But if your only aci, be sure there are no others, is granting access to a single user as the default for all the others is an implicite deny. Regards, Ludwig ----- Original Message ----- From: "James Chamberlain" <jamesc@xxxxxxx> To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx Sent: Monday, November 19, 2012 8:07:29 PM Subject: ACI for single user access I'm trying to figure out how to write an ACI which would allow one user to read a particular branch of the directory, but deny all others. If I specify it as two rules - one denying access to everyone, the other granting access to this user - no one can read that branch. If I specify it as a single rule, that this user can read this branch, it's not imposing any new restrictions and everyone can read the branch. I've tried reading the documentation and didn't see this example listed. Can anyone point me in the right direction? Thanks, James -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
