About Security Queries

Restriction: This topic applies only when the Enterprise Server feature is enabled.

During applications processing and the running of the Directory Server, Enterprise Server submits security queries to the External Security Facility (ESF), to verify that a user or system action is authorized. The ESF generates the appropriate API call and forwards this request to each configured security manager in turn.

The most common security queries are:

A successful verify query establishes a security context (such as a session logon) within which further operations are performed. If the user or application performs subsequent operations outside this context, further authorization calls are made to check that he or she has appropriate authorization.

The verify query is used only by MF Directory Server. It implements more modern discretionary access controls (DACs). Permissions are separate from one another. For example, a user can have write access but not read access to a resource.