EntryOwner Information
The entryOwner information identifies the subjects that can define the ACLs for an object. These subjects also have complete access to the target object.
The following attributes define entry ownership:
- entryOwner - Explicitly defines an entry owner.
- ownerPropagate - Specifies whether the permission set is propagated to the subtree descendant entries.
The entry owners have access to perform any operation on the object regardless of the aclEntry. In addition, only the entry owners are permitted to administer the aclEntries for a particular object. The entryOwner is an access control subject, which can be defined as individuals, groups, or roles.
Note: The directory administrator and the local administration group members who are assigned the DirDataAdmin role are the entryOwners for all objects in the directory by default, and this entryOwnership cannot be removed from any object.
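Because entry owners bypass the aclEntry, an access review needs to know which subjects own each entry once ownerPropagate is taken into account. The following is an added example, not code from the product documentation, that resolves the effective owners over a constructed set of entries. The `type:DN` owner value form, the sample DNs, and the resolution order (an explicit entryOwner on the entry wins, otherwise the nearest ancestor whose ownerPropagate is TRUE applies) are assumptions. The directory administrator and DirDataAdmin members are implicit owners and are not listed.

```python
# Constructed sample: DN -> (explicit entryOwner values, ownerPropagate).
# The "type:DN" owner form (access-id, group, role) is an assumption.
SAMPLE = {
    "o=sample": (["access-id:cn=root admin,o=sample"], True),
    "ou=hr,o=sample": (["group:cn=hr owners,o=sample"], False),
    "cn=alice,ou=hr,o=sample": ([], None),
    "ou=eng,o=sample": ([], None),
    "cn=bob,ou=eng,o=sample": (["role:cn=eng lead,o=sample"], True),
}


def parent_dn(dn):
    """Return the parent DN, or None at the suffix (escaped commas not handled)."""
    _, sep, rest = dn.partition(",")
    return rest if sep else None


def effective_owners(dn, entries):
    """Return (owners, source_dn) for dn.

    Assumed resolution: an explicit entryOwner on the entry itself wins;
    otherwise the nearest ancestor that has entryOwner values and
    ownerPropagate TRUE supplies the owners. An ancestor with
    ownerPropagate FALSE owns only itself and is skipped.
    """
    owners, _ = entries.get(dn, ([], None))
    if owners:
        return owners, dn
    cur = parent_dn(dn)
    while cur is not None:
        owners, propagate = entries.get(cur, ([], None))
        if owners and propagate:
            return owners, cur
        cur = parent_dn(cur)
    return [], None


def audit(entries):
    """Map every DN to the subjects that bypass its aclEntry as owners."""
    return {dn: effective_owners(dn, entries) for dn in entries}


if __name__ == "__main__":
    for dn, (owners, src) in audit(SAMPLE).items():
        print(f"{dn}: {owners or 'no explicit owner'} (from {src})")
```

In the sample, the group that owns `ou=hr,o=sample` does not become an owner of `cn=alice,ou=hr,o=sample`, because ownerPropagate is FALSE on the `ou=hr` entry.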