A
Oracle Voicemail & Fax Access Control Lists

This section provides an overview of access control list policies set for the telephony and wireless server components of Oracle Voicemail & Fax in Oracle Internet Directory. These directory access control lists are set in Oracle Internet Directory during the infrastructure installation phase.

This appendix contains the following topic:

• Telephony Process Access Control Lists

Telephony Process Access Control Lists

The

See Also: : Oracle Internet Directory Administrator's Guide for more information access control lists

The

The Oracle Voicemail & Fax LDAP schema and entries are installed during the installation of Oracle Internet Directory.

The UMContainer created under the products container stores Oracle Voicemail & Fax user and installation specific information.

The UMContainer and EmailserverContainer directory information trees because Oracle Voicemail & Fax user information is spread over both directory information trees. To achieve grant access for both directory information trees, a privilege group (AdminsGroup) is created both under the EmailServerContainer and UMContainer, with appropriate access control lists applied.

The UMAdminsGroup is a privilege group created to access the UMContainer directory information tree. Members of this group include the creator, UMContainer, and EMailAdminsGroup.

The EmailAdminsGroup must be created before the UMAdminsGroup. After the UMAdminsGroup is created, it becomes a member of the EmailAdminsGroup, enabling the Oracle Voicemail & Fax applications to access both containers.

The following access control lists are applied to the UMContainer to give applications access to the UMContainer and EMailContainer.

• The access control list for the group cn=iASAdmins, cn=Groups,%s_OracleContextDN% has browse, add, delete and proxy permissions. This is required for the iasadmins to be able to do a proxy to the UMContainer.
• The access control list for the group cn=UMAdminsGroup, cn=UMContainer,
cn=Products,%s_OracleContextDN% has browse, add, and delete permissions.
• The access control list for dn=*,cn=EMailServerContainer,cn=Products,
%s_OracleContextDN% has browse, add, delete, and proxy permissions.

  Note:: The %s_OracleContextDN% can be the root or the subscriber OracleContext.

Oracle Internet Directory Group Membership for UMAdminsGroup

The following table documents the group and permissions for the UMAdminsGroup:

Table A-1 UMAdminsGroup

Group	Permissions
cn=ComputerAdmins cn=Groups,%s_ OracleContextDN%	The addition of UMAdminsGroup to this group enables the Oracle Voicemail & Fax applications to create and access process entries under cn=Computers.
cn=UserProxyPrivile ge cn=Groups,%s_ OracleContextDN%	The addition of UMAdminsGroup to this group enables the Oracle Voicemail & Fax applications to proxy as the end user.

The addition of the UMAdminsGroup to the following group enables the Oracle Voicemail & Fax applications to create and access process entries under cn=Computers:

cn=ComputerAdmins, cn=Groups,%s_OracleContextDN%

The addition of UMAdminsGroup to the following group enables the Oracle Voicemail & Fax applications to do a proxy as the end users:

cn=UserProxyPrivilege, cn=Groups,%s_OracleContextDN%