Background
Self write permissions are the ability for a user to directly modify attributes on their own account. This ability assumes the user has an application which knows how to modify attributes using their user credentials. Out of the box, Microsoft by default enables Self Write permissions for a set of user attributes. These permissions are set as explicit ACEs by default at user creation time per schema definition of the user objectclass. Three ACEs which “allow SELF write” permission are set. Each of these ACEs is listed below along with the associated attributes affected.
Currently, NETID does not set any additional Self Write permissions on user attributes other than the default set detailed below.
Guidance
It is possible to write to some of your own user NETID user attributes. In general, we don’t recommend this, and we don’t make any promises that attributes that you can write to won’t become a managed user attribute at some point in the future. However, the ability to write to some of these user attributes may enable functionality that is important to you that we don’t yet provide centrally via managed user attributes or via the NETID User Support mechanism.
Allow SELF Write Personal Information
aCSPolicyName
assistant
c
facsimileTelephoneNumber
homePhone
homePostalAddress
info
internationalISDNNumber
ipPhone
l
mobile
mSMQDigests
mSMQSignCertificates
otherFacsimileTelephoneNumber
otherHomePhone
otherIpPhone
otherMobile
otherPager
otherTelephone
pager
personalTitle
physicalDeliveryOfficeName
postalAddress
postalCode
postOfficeBox
preferredDeliveryMethod
primaryInternationalISDNNumber
primaryTelexNumber
registeredAddress
st
street
streetAddress
telephoneNumber
teletexTerminalIdentifier
telexNumber
thumbnailPhoto
userCert
userCertificate
userSharedFolder
userSharedFolderOther
userSMIMECertificate
x121Address
Allow SELF Write Phone and Mail Options
No attributes affected.
Allow SELF Write Web Information
url
wWWHomePage