I have a few queries regarding the user app and wondered how I would
achieve these points:

1. A user needs to be able to edit some of THEIR OWN attributes, some
should not be editable, but some should be read only. How do I achieve

2. When a manager logs in and searches for a user they should be able to
change certain attributes for users that they are the manager of, some
attributes should be read only and if they view a user that they are not
the manager of then they should not be able to change anything?

I would have thought that this would be configured within the Directory
Abstraction Layer but having investigated this my understanding is that
the ability to edit attributes is based on the logged in users ACLs
within the directory.

Please can some one provide a few details on this that has done this sort
of thing.