I have a group of users I need to give permission to modify a subset of
user accounts within an OU. I know I can create a group and assign that
group to role and then select an OU as the scope. All my current roles
are like that. However, is there a way to make the scope a subset of the
objects in an OU?

All the objects in the subset can be identified by a particular
attribute value.

celsolima's Profile: http://forums.novell.com/member.php?userid=1764
View this thread: http://forums.novell.com/showthread.php?t=452835