From 1269a7c2e037f971944b974144e42aec3db37d64 Mon Sep 17 00:00:00 2001
From: Chris Ridd <chris.ridd@forgerock.com>
Date: Mon, 03 Jun 2013 09:24:49 +0000
Subject: [PATCH] Fix OPENDJ-895 Document ACIs and privileges required for basic LDAP operations Improve wording after a review with Jean-Noël.

---
 opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-privileges-acis.xml |   25 ++++++++++++-------------
 1 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-privileges-acis.xml b/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-privileges-acis.xml
index 9b00e65..ac10d27 100644
--- a/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-privileges-acis.xml
+++ b/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-privileges-acis.xml
@@ -605,10 +605,10 @@
     <varlistentry>
      <term>Add</term>
      <listitem>
-      <para>ACI is only required to allow the <literal>add</literal> permission
-      to entries in the target. This implicitly allows the attributes and values
-      to be set. Use <literal>targetattrfilters</literal> to explicitly deny
-      access to the values if required.</para>
+      <para>The ACI must allow the <literal>add</literal> permission to entries
+      in the target. This implicitly allows the attributes and values to be set.
+      Use <literal>targetattrfilters</literal> to explicitly deny access to any
+      values if required.</para>
       <para>For example, the ACI required to allow
       <literal>uid=bjensen,ou=People,dc=example,dc=com</literal> to add an entry
       is:</para>
@@ -632,8 +632,8 @@
     <varlistentry>
      <term>Compare</term>
      <listitem>
-      <para>ACI is required to allow the <literal>compare</literal> permission
-      to the attribute in the target entry.</para>
+      <para>The ACI must allow the <literal>compare</literal> permission to the
+      attribute in the target entry.</para>
       <para>For example, the ACI required to allow
       <literal>uid=bjensen,ou=People,dc=example,dc=com</literal> to compare
       values against the <literal>sn</literal> attribute is:</para>
@@ -646,11 +646,10 @@
     <varlistentry>
      <term>Delete</term>
      <listitem>
-      <para>ACI is only required to allow the <literal>delete</literal>
-      permission to the target entry. This implicitly allows the attributes and
-      values in the target to be deleted. Use
-      <literal>targetattrfilters</literal> to explicitly deny access to the
-      values if required.</para>
+      <para>The ACI must allow the <literal>delete</literal> permission to the
+      target entry. This implicitly allows the attributes and values in the
+      target to be deleted. Use <literal>targetattrfilters</literal> to
+      explicitly deny access to the values if required.</para>
       <para>For example, the ACI required to allow
       <literal>uid=bjensen,ou=People,dc=example,dc=com</literal> to delete an
       entry is:</para>
@@ -662,8 +661,8 @@
     <varlistentry>
      <term>Modify</term>
      <listitem>
-      <para>ACI is only required to allow the <literal>write</literal>
-      permission to attributes in the target entries. This implicitly allows all
+      <para>The ACI must allow the <literal>write</literal> permission to
+      attributes in the target entries. This implicitly allows all
       values in the target attribute to be modified. Use
       <literal>targetattrfilters</literal> to explicitly deny access to specific
       values if required.</para>

--
Gitblit v1.10.0