The OnDemand Services components authenticate to eDirectory through the OnDemand Administrator (ODSAdmin) object. The table below summarizes all trustee rights required by ODSAdmin.
During installation, ODSAdmin is assigned Supervisor rights to the company root container. As long as any of the other objects listed in the table reside beneath the company root container, ODSAdmin will have the required rights. Otherwise, you need to manually assign the rights.
Company root container |
[Entry Rights] - Browse
[All Attributes Rights] - Compare, Read |
The company root container (as defined on the OnDemandService object) and all subcontainers. |
User containers |
[Entry Rights] - Browse, Create
[All Attributes Rights] - Compare, Read, Write |
All containers where User objects reside. |
Catalog container |
[Entry Rights] - Browse, Create
[All Attributes Rights] - Read, Compare |
The catalog root container (as defined on the OnDemandService object) and all subcontainers. |
Application objects containers |
[Entry Rights] - Browse
[All Attributes Rights] - Compare, Read, Write |
All containers where Application objects (ZfD and DeFrame) reside. |
Commerce Item objects containers |
[Entry Rights] - Browse
[All Attributes Rights] - Compare, Read |
All containers where Commerce Item (Web application) objects reside. |
iChain ACL Rule objects |
[Entry Rights] - Browse, Create
[All Attributes Rights] - Compare, Read, Write |
All iChain ACL rules that control access to OnDemand Services Web applications. |
OnDemandService object |
[Entry Rights] - Browse
[All Attributes Rights] - Compare, Read |
|
Cost Center objects |
[Entry Rights] - Browse
[All Attributes Rights] - Compare, Read, Write |
All cost center (Organizational Role) objects |
