Self-Writable NETID User Attributes


Background

Self write permissions are the ability for a user to directly modify attributes on their own account. This ability assumes the user has an application which knows how to modify attributes using their user credentials. Out of the box, Microsoft by default enables Self Write permissions for a set of user attributes. These permissions are set as explicit ACEs by default at user creation time per schema definition of the user objectclass. Three ACEs which "allow SELF write" permission are set. Each of these ACEs is listed below along with the associated attributes affected. Currently, NETID does not set any additional Self Write permissions on user attributes other than the default set detailed below.

Guidance

It is possible to write to some of your own user NETID user attributes. In general, we don't recommend this, and we don't make any promises that attributes that you can write to won't become a managed user attribute at some point in the future. However, the ability to write to some of these user attributes may enable functionality that is important to you that we don't yet provide centrally via managed user attributes or via the NETID User Support mechanism.

Allow SELF Write Personal Information

aCSPolicyName assistant c facsimileTelephoneNumber homePhone homePostalAddress info internationalISDNNumber ipPhone l mobile mSMQDigests mSMQSignCertificates otherFacsimileTelephoneNumber otherHomePhone otherIpPhone otherMobile otherPager otherTelephone pager personalTitle physicalDeliveryOfficeName postalAddress postalCode postOfficeBox preferredDeliveryMethod primaryInternationalISDNNumber primaryTelexNumber registeredAddress st street streetAddress telephoneNumber teletexTerminalIdentifier telexNumber thumbnailPhoto userCert userCertificate userSharedFolder userSharedFolderOther userSMIMECertificate x121Address

Allow SELF Write Phone and Mail Options

No attributes affected.

Allow SELF Write Web Information

url wWWHomePage