<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! [DirXML Entitlements] [1]
Conceptually, [DirXML Entitlements] is a named flag that causes a DirXML driver configuration to perform some arbitrary action that is usually related to granting access to some resource in a connected system. Entitlements (as embodied in Role-based Entitlements) have thus far been used for three basic actions: 
* Creating and deleting or enabling and disabling a connected-system account 
* adding/removing connected-system accounts group memberships
* adding/setting attribute values to connected-system accounts

!! [DirXML-Entitlement] [ObjectClass]
An entitlement is embodied in an eDirectory [DirXML-Entitlement|2.16.840.1.113719.1.14.6.1.2023] [ObjectClass], which is contained by a [DirXML-Driver] object. The containment of the [DirXML-Entitlement|2.16.840.1.113719.1.14.6.1.2023] [ObjectClass] establishes the correspondence between the entitlement and the implementing DirXML driver configuration. The DirXML-Entitlement object's name is the name of the entitlement. 

The XmlData attribute of the [DirXML-Entitlement|2.16.840.1.113719.1.14.6.1.2023] [ObjectClass] contains an XML document  whose root element is &lt;entitlement&gt;. We have some more [detailed information|Description-2.16.840.1.113719.1.14.6.1.2023] on how the XML structure is defined.

!! Granting and Revoking Entitlement ([DirXML-EntitlementRef|DirXML-EntitlementRef])
An entitlement is granted to and revoked from an eDirectory entry via the addition a value for the [DirXML-EntitlementRef|DirXML-EntitlementRef] attribute which is associated with the auxiliary class [DirXML-EntitlementRecipient|2.16.840.1.113719.1.14.6.1.2024] on an eDirectory entry.

The [DirXML-EntitlementRef|DirXML-EntitlementRef] attribute is of [SYN_PATH|2.16.840.1.113719.1.1.5.1.15] syntax and is [write-managed].

! Volume Element
The &quot;volume&quot; (or DN) portion of the path syntax value refers to the [DirXML-Entitlement] object. Because the attribute is write-managed, the agent setting the [DirXML-EntitlementRef] attribute value on an eDirectory object must have write access to the [DirXML-EntitlementRef|DirXML-EntitlementRef] attribute on the object that is being written to and must also have write access to the ACL attribute on the [DirXML-Entitlement] object that is referred to by the DN portion of the [DirXML-EntitlementRef|DirXML-EntitlementRef] value. 

! Path Element
The &quot;path&quot; (or string) portion of the [DirXML-EntitlementRef|DirXML-EntitlementRef] attribute contains an XML document whose root element is &lt;ref&gt;. 

! namespace Element
The &quot;namespace&quot; (or integer) portion of the [DirXML-EntitlementRef|DirXML-EntitlementRef] attribute is used as a [bitmask] to hold a set of flags. 
Bit 0 of the 32-bit integer is used for this flag value and is known as the state bit where:
* 0 means revoked
* 1 means granted 

Bit 1 is used to flag a granted entitlement that is the result of the upgrade process and is known as the upgrade bit where:
* 1 means that the entitlement was previously granted in the legacy format and is therefore not a change in the entitlement state. 

Bits 2-31 are reserved for future use. 
! [DirXML-EntitlementResult|Description of Attribute Usage For 2.16.840.1.113719.1.14.4.1.2088] attribute
After the entitlement action (grant or revocation) has been completed (successfully or not) by the DirXML driver configuration, a result is written to the eDirectory object using the [DirXML-EntitlementResult|Description of Attribute Usage For 2.16.840.1.113719.1.14.4.1.2088] attribute. [DirXML-EntitlementResult|Description of Attribute Usage For 2.16.840.1.113719.1.14.4.1.2088] is a multi-valued [SYN_OCTET_STRING|1.3.6.1.4.1.1466.115.121.1.40] containing an XML document whose root element is &lt;result&gt;.


!! [Implementing Novell Entitlements in a Driver]
Some information on [Implementing Novell Entitlements in a Driver]

!! [Removing Novell Granted Entitlements]
We did some work where it was desired to [&quot;revoke&quot; all granted&quot; entitlements|Removing Novell Granted Entitlements] when various events took place on a user.

!! Entitlements and romResources
DirXML Entitlements are often encapsulates within a [romResource] for convenience.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]


----
[#1] [http://developer.novell.com/documentation/dirxml/dirxmlbk/ref/dirxmlentitlements/index.html]
</pre>