Discussion:
Set permissions on user attributes?
(too old to reply)
j***@gmail.com
2008-02-15 00:03:17 UTC
Permalink
We have a new tool that our users can use to reset their passwords.
It includes security questions. The answers to the questions are
stored (encrypted) in extensionAttribute1, 2, and 3. Right now, all
users can view these attributes for any user. How do I set it so that
the attributes are not readable by everyone? Thanks.

John
Adam
2008-02-18 22:55:38 UTC
Permalink
Post by j***@gmail.com
We have a new tool that our users can use to reset their passwords.
It includes security questions. The answers to the questions are
stored (encrypted) in extensionAttribute1, 2, and 3. Right now, all
users can view these attributes for any user. How do I set it so that
the attributes are not readable by everyone? Thanks.
You set permissions on the attributes for the objects.

You do this by adding Access Control Entries to the ACL for the object,
but masking the entires with a property flag (ADS_RIGHT_DS_WRITE_PROP
etc) and specifying the GUID for the relevant attribute you're changing
the permission on as the ObjectType

http://msdn2.microsoft.com/en-us/library/aa705951(VS.85).aspx

ADSI Edit is a useful tool while developing the code to do this.

Loading...