Privileges provide access control for server administration independently from access control instructions.
Directory root users, such as cn=Directory Manager,
are granted privileges in the following list and marked with an asterisk (*)
by default. Other administrator users can be assigned privileges, too.
backend-backup*-
Request a task to backup data
backend-restore*-
Request a task to restore data from backup
bypass-acl*-
Perform operations without regard to ACIs
bypass-lockdown*-
Perform operations without regard to lockdown mode
cancel-request*-
Cancel any client request
config-read*-
Read the server configuration
config-write*-
Change the server configuration
data-sync-
Perform data synchronization
disconnect-client*-
Close any client connection
jmx-notify-
Subscribe to JMX notifications
jmx-read-
Read JMX attribute values
jmx-write-
Write JMX attribute values
ldif-export*-
Export data to LDIF
ldif-import*-
Import data from LDIF
modify-acl*-
Change ACIs
password-reset*-
Reset other users' passwords
privilege-change*-
Change the privileges assigned to users
proxied-auth-
Use the Proxied Authorization control
server-lockdown*-
Put OpenDJ into, and take OpenDJ out of, lockdown mode
server-restart*-
Request a task to restart the server
server-shutdown*-
Request a task to stop the server
subentry-write*-
Perform LDAP subentry write operations
unindexed-search*-
Search using a filter with no correponding index
update-schema*-
Change OpenDJ schema definitions
* = default directory root user privileges
