The Extended Schema Authentication mechanism supports Privilege Accumulation from different privilege objects associated with the same user through different Association Objects. In other words, Extended Schema Authentication accumulates privileges to allow the user the super set of all assigned privileges corresponding to the different privilege objects associated with the same user.
The following figure provides an example of accumulating privileges using Extended Schema.
The figure shows two Association Objects—A01 and A02. User1 is associated to iDRAC72 through both association objects.
Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned privileges of the different privilege objects associated to the same user.
In this example, User1 has both Priv1 and Priv2 privileges on iDRAC72. User1 has Priv1 privileges on iDRAC71 only. User2 has Priv1 privileges on both iDRAC71 and iDRAC72. In addition, this figure shows that User1 can be in a different domain and can be a member of a group.