Access Control Points grant and restrict access to one or more objects in the Directory. You can create multiple ACPs to address different access issues for entries in the subtree underneath the ACP.

To create an ACP:

1. Click Access Control Points in the Navigator pane. The paths and subtree ACPs defined for this server appear in the right pane.

2. To create a new ACP from scratch, click the Create button in the toolbar.
   • Specify the entry path, then click the Create button in the Structural Access Items area to define Entry Filter, By Whom, and Access Rights parameters for structural access. Filters further restrict an Access Control Point by adding to the set of conditions that must be satisfied by entries that are granted access. If the Subtree Filter value is not satisfied, then the entry is not a candidate. This could be any attribute-value pair typed as a Boolean expression, for example:
     
     (& (Salary > 100000) (Costcenter = H89) )
     
     You can specify different types of equalities in this field. For help with filter syntax, refer to Filter Syntax .
     

   • Click the Create button in the Content Access Items area to define Entry Filter, By Whom, Attributes, and Access Permission items for content access.

3. To create a new ACP by copying and modifying an existing ACP, either double click it or select it, then click the Create-Like button in the toolbar. Proceed as explained in Step 2, changing the values shown to what you want. However, you will not be able to change the Entry Path while editing.

4. If you change your mind in this construction process, click the Revert button to restore the original values.

5. Click the OK button to save your new ACP.