>1. RBAC should have a "host" field - not sure where it would be best >kept in, exec_attr, prof_attr, user_attr.
If you use LDAP, you can specify a serviceSearchDescriptors for each database accessed. The SSD should include an LDAP filter to specify which database is seen on the client. As an example for the passwd database; you can assign a groupMembership to the user and filter by this attribute serviceSearchDescriptor=passwd:o=organisation?sub?groupMembership=cn=production for production systems or serviceSearchDescriptor=passwd:o=organisation?sub?groupMembership=cn=test for test systems This can be done for every database. Mika # mv Disclaimer.txt /dev/null ------------------------------------------------------------------------- This message is intended for the addressee only and may contain confidential or privileged information. If you are not the intended receiver, any disclosure, copying to any person or any action taken or omitted to be taken in reliance on this e-mail, is prohibited and may be un- lawful. You must therefore delete this e-mail. Internet communications may not be secure or error-free and may contain viruses. They may be subject to possible data corruption, accidental or on purpose. This e-mail is not and should not be construed as an offer or the solicitation of an offer to purchase or subscribe or sell or redeem any investments. -------------------------------------------------------------------------
