-------------------------------------------------------------------------------------------------------------
dn: $rootSuffix # # consolidate # aci: (targetattr != “nsroledn || aci || nsLookThroughLimit || nsSizeLimit || nsTimeLimit || nsIdleTimeout || passwordPolicySubentry || passwordExpirationTime || passwordExpWarned || passwordRetryCount || retryCountResetTime || accountUnlockTime || passwordHistory || passwordAllowChangeTime”) (version 3.0; acl “Allow self entry modification except for nsroledn, aci, resource limit attributes, passwordPolicySubentry and password policy state attributes”; allow (write) userdn =”ldap:///self”;)
작업: 통합
이 접미어에 자체적으로 액세스할 필요는 없습니다. 이 ACI는 복제되며 루트 접미어의 자체 ACI에 통합될 수 있습니다.
------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # retain # aci: (targetattr = “*”) (version 3.0; acl “Configuration Administrator”; allow (all) userdn = “ldap:///uid=admin, ou=Administrators, ou=TopologyManagement,o=NetscapeRoot”;)
작업: 유지
slapd-config 인스턴스에 대한 PTA(Pass-Through Authentication)를 통해 인증되는 “admin” 사용자입니다. 모든 구성이 명령줄 유틸리티를 사용하여 Directory Manager로 수행될 경우 이 ACI는 필요 없습니다. 콘솔에 대해 이 사용자 권한으로 인증해야 하는 경우에는 이 ACI를 여기에 보관할 수 있습니다. 비슷한 ACI를 제거할 수 있습니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (targetattr =”*”) (version 3.0;acl “Configuration Administrators Group”; allow (all) (groupdn = “ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot”);)
작업: 모든 DB 백엔드에서 삭제
서버 관리 권한 위임에 콘솔이 사용되는 경우에 권한을 갖는 “Configuration Administrators” 그룹입니다.
------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (targetattr =”*”) (version 3.0;acl “Directory Administrators Group”; allow (all) (groupdn = “ldap:///cn=Directory Administrators, $rootSuffix”);)
작업: 모든 DB 백엔드에서 삭제
일반적인 “Directory Administrators” 그룹 권한 정의입니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (targetattr = “*”) (version 3.0; acl “SIE Group”; allow (all) groupdn = “ldap:///cn=slapd-whater, cn=Sun ONE Directory Server, cn=Server Group, cn=whater.red.iplanet.com, ou=red.iplanet.com, o=NetscapeRoot”;)
작업: 모든 DB 백엔드에서 삭제
콘솔/관리 서버 관련 그룹 권한 정의입니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# retain # aci: (target=”ldap:///$rootSuffix”) (targetattr=”*”) (version 3.0; acl “S1IS Proxy user rights”; allow (proxy) userdn = “ldap:///cn=puser,ou=DSAME Users,$rootSuffix”; )
작업: 유지
이 ACI는 Access Manager 시스템 사용자에 대한 액세스 권한을 부여합니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # retain # aci: (target=”ldap:///$rootSuffix”) (targetattr=”*”) (version 3.0; acl “S1IS special dsame user rights for all under the root suffix”; allow (all) userdn = “ldap:///cn=dsameuser,ou=DSAME Users,$rootSuffix”; )
작업: 유지
이 ACI는 Access Manager 시스템 사용자에 대한 액세스 권한을 부여합니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # retain # aci: (target=”ldap:///$rootSuffix”)(targetattr=”*”)| (version 3.0;acl “S1IS special ldap auth user rights”; allow (read,search) userdn = “ldap:///cn=amldapuser,ou=DSAME Users,$rootSuffix”; )
작업: 유지
이 ACI는 Access Manager 시스템 사용자에 대한 액세스 권한을 부여합니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///cn=amldapuser,ou=DSAME Users,$rootSuffix”) (targetattr = “*”) (version 3.0; acl “S1IS special ldap auth user modify right”; deny (write) roledn != “ldap:///cn=Top-level Admin Role,$rootSuffix”;)
작업: 삭제
이 ACI는 최상위 관리자(TLA)가 amldapuser 계정을 수정할 수 없게 합니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # retain # aci: (target=”ldap:///$rootSuffix”) (targetattr=”*”) (version 3.0; acl “S1IS Top-level admin rights”; allow (all) roledn = “ldap:///cn=Top-level Admin Role,$rootSuffix”; )
작업: 유지
이 ACI는 최상위 관리자 역할에 대한 액세스 권한을 부여합니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (targetattr=”iplanet-am-saml-user || iplanet-am-saml-password”) (targetfilter=”(objectclass=iplanet-am-saml-service)”) (version 3.0; acl “S1IS Right to modify saml user and password”; deny (all) (roledn != “ldap:///cn=Top-level Admin Role,$rootSuffix”) AND (userdn != “ldap:///cn=dsameuser,ou=DSAME Users,$rootSuffix”) AND (userdn != “ldap:///cn=puser,ou=DSAME Users,$rootSuffix”); )
작업: 삭제
이 ACI는 SAML 관련 속성을 보호합니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///$rootSuffix”) (targetfilter=(!(nsroledn=cn=Top-level Admin Role,$rootSuffix))) (targetattr = “*”) (version 3.0; acl “S1IS Top-level Help Desk Admin Role access allow”; allow (read,search) roledn = “ldap:///cn=Top-level Help Desk Admin Role,$rootSuffix”;)
작업: 삭제
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///$rootSuffix”) (targetfilter=(!(nsroledn=cn=Top-level Admin Role,$rootSuffix))) (targetattr = “userPassword”) (version 3.0; acl “S1IS Top-level Help Desk Admin Role access allow”; allow (write) roledn = “ldap:///cn=Top-level Help Desk Admin Role,$rootSuffix”;)
작업: 삭제
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: target=”ldap:///$rootSuffix”) (targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,$rootSuffix)))) (targetattr = “*”) (version 3.0; acl “S1IS Top-level Policy Admin Role access allow”; allow (read,search) roledn = “ldap:///cn=Top-level Policy Admin Role,$rootSuffix”;)
작업: 삭제
이 ACI는 최상위 정책 관리 역할과 관련이 있습니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///ou=iPlanetAMAuthService,ou=services,*$rootSuffix”) (targetattr = “*”) (version 3.0; acl “S1IS Top-level Policy Admin Role access Auth Service deny”; deny (add,write,delete) roledn = “ldap:///cn=Top-level Policy Admin Role,$rootSuffix”;)
작업: 삭제
이 ACI는 최상위 정책 관리 역할과 관련이 있습니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///ou=services,*$rootSuffix”) (targetattr = “*”) (version 3.0; acl “S1IS Top-level Policy Admin Role access allow”; allow (all) roledn = “ldap:///cn=Top-level Policy Admin Role,$rootSuffix”;)
작업: 삭제
이 ACI는 최상위 정책 관리 역할과 관련이 있습니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///$rootSuffix”) (targetfilter=”(objectclass=sunismanagedorganization)”) (targetattr = “sunRegisteredServiceName”) (version 3.0; acl “S1IS Top-level Policy Admin Role access allow”; allow (read,write,search) roledn = “ldap:///cn=Top-level Policy Admin Role,$rootSuffix”;)
작업: 삭제
이 ACI는 최상위 정책 관리 역할과 관련이 있습니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # consolidate # aci: (targetattr = “*”) (version 3.0; acl “S1IS Deny deleting self”; deny (delete) userdn =”ldap:///self”;)
작업: 단일 자체 쓰기 ACI로 통합. 최종 사용자는 자신을 비롯하여 어떤 항목도 삭제할 권한이 없으므로 명시적 거부는 필요하지 않습니다.
자체 권한을 설정하는 ACI 중 하나입니다. 명시적 거부는 임의의 항목이 스스로 삭제되지 않게 합니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # consolidate # aci: (targetattr = “objectclass || inetuserstatus || iplanet-am-user-login-status || iplanet-am-web-agent-access-allow-list || iplanet-am-domain-url-access-allow || iplanet-am-web-agent-access-deny-list || iplanet-am-user-account-life || iplanet-am-session-max-session-time || iplanet-am-session-max-idle-time || iplanet-am-session-get-valid-sessions || iplanet-am-session-destroy-sessions || iplanet-am-session-add-session-listener-on-all-sessions || iplanet-am-user-admin-start-dn || iplanet-am-auth-post-login-process-class”) (targetfilter=(!(nsroledn=cn=Top-level Admin Role,$rootSuffix))) (version 3.0; acl “S1IS User status self modification denied”; deny (write) userdn =”ldap:///self”;)
작업: 단일 자체 쓰기 ACI로 통합
자체 쓰기 권한을 설정하는 ACI 중 하나입니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # consolidate # aci: (targetattr != “iplanet-am-static-group-dn || uid || nsroledn || aci || nsLookThroughLimit || nsSizeLimit || nsTimeLimit || nsIdleTimeout || memberOf || iplanet-am-web-agent-access-allow-list || iplanet-am-domain-url-access-allow || iplanet-am-web-agent-access-deny-list”) (version 3.0; acl “S1IS Allow self entry modification except for nsroledn, aci, and resource limit attributes”; allow (write) userdn =”ldap:///self”;)
작업: 단일 자체 쓰기 ACI로 통합
권한을 설정하는 ACI 중 하나입니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # consolidate # aci: (targetattr != “aci || nsLookThroughLimit || nsSizeLimit || nsTimeLimit || nsIdleTimeout || iplanet-am-domain-url-access-allow”) (version 3.0; acl “S1IS Allow self entry read search except for nsroledn, aci, resource limit and web agent policy attributes”; allow (read,search) userdn =”ldap:///self”;)
작업: 단일 자체 쓰기 ACI로 통합
자체 쓰기 권한을 설정하는 ACI 중 하나입니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # consolidate # aci: (target=”ldap:///ou=services,$rootSuffix”) (targetfilter=(!(objectclass=sunServiceComponent))) (targetattr = “*”) (version 3.0; acl “S1IS Services anonymous access”; allow (read, search, compare) userdn = “ldap:///anyone”;)
작업: 단일 익명 ACI로 통합
익명 권한을 부여하는 ACI 중 하나입니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # consolidate # aci: (target=”ldap:///ou=iPlanetAMAdminConsoleService,*,$rootSuffix”) (targetattr = “*”) (version 3.0; acl “S1IS iPlanetAMAdminConsoleService anonymous access”; allow (read, search, compare) userdn = “ldap:///anyone”;)
작업: 단일 익명 ACI로 통합
익명 권한을 부여하는 ACI 중 하나입니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///$rootSuffix”) (targetfilter=(entrydn=$rootSuffix)) (targetattr=”*”) (version 3.0; acl “S1IS Default Organization delete right denied”; deny (delete) userdn = “ldap:///anyone”; )
작업: 삭제
이 ACI는 rootdn 이외의 사용자가 기본 조직을 삭제할 수 없게 합니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///cn=Top-level Admin Role,$rootSuffix”) (targetattr=”*”) (version 3.0; acl “S1IS Top-level admin delete right denied”; deny(delete) userdn = “ldap:///anyone”; )
작업: 삭제
이 ACI는 rootdn 이외의 사용자가 TLA 역할을 삭제할 수 없게 합니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (targetattr = “*”) (version 3.0; acl “S1IS Deny write to anonymous user”; deny (add,write,delete) roledn =”ldap:///cn=Deny Write Access,$rootSuffix”;)
작업: 삭제
이 ACI는 쓰기 액세스 거부 역할과 관련이 있습니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///($dn),$rootSuffix”) (targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,$rootSuffix) (nsroledn=cn=Top-level Help Desk Admin Role,$rootSuffix) (nsroledn=cn=Top-level Policy Admin Role,$rootSuffix)))) (targetattr != “nsroledn”) (version 3.0; acl “S1IS Container Admin Role access allow”; allow (all) roledn = “ldap:///cn=Container Admin Role,[$dn],$rootSuffix”;)
작업: 삭제
이 ACI는 컨테이너 관리 역할과 관련이 있습니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///cn=Container Admin Role,($dn),$rootSuffix”) (targetattr=”*”) (version 3.0; acl “S1IS Container Admin Role access deny”; deny (write,add,delete,compare,proxy) roledn = “ldap:///cn=Container Admin Role,($dn),$rootSuffix”;)
작업: 삭제
이 ACI는 컨테이너 관리 역할과 관련이 있습니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///ou=People,$rootSuffix”) (targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,$rootSuffix) (nsroledn=cn=Top-level Help Desk Admin Role,$rootSuffix) (nsroledn=cn=Top-level Policy Admin Role,$rootSuffix) (nsroledn=cn=Organization Admin Role,$rootSuffix) (nsroledn=cn=Container Admin Role,$rootSuffix)))) (targetattr != “iplanet-am-web-agent-access-allow-list || iplanet-am-domain-url-access-allow || iplanet-am-web-agent-access-deny-list || nsroledn”) (version 3.0; acl “S1IS Group and people container admin role”; allow (all) roledn = “ldap:///cn=ou=People_dc=red_dc=iplanet_dc=com,$rootSuffix”;)
작업: 삭제
이 ACI는 그룹 및 사람 컨테이너 관리 역할과 관련이 있습니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (extra verses dreambig) (target=”ldap:///$rootSuffix”) (targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,$rootSuffix) (nsroledn=cn=Top-level Help Desk Admin Role,$rootSuffix) (nsroledn=cn=Top-level Policy Admin Role,$rootSuffix) (nsroledn=cn=Organization Admin Role,$rootSuffix)))) (targetattr = “*”) (version 3.0; acl “S1IS Organization Help Desk Admin Role access allow”; allow (read,search) roledn = “ldap:///cn=Organization Help Desk Admin Role,$rootSuffix”;)
작업: 삭제
이 ACI는 조직 도움말 데스크 관리 역할과 관련이 있습니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///$rootSuffix”) (targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,$rootSuffix) (nsroledn=cn=Top-level Help Desk Admin Role,$rootSuffix) (nsroledn=cn=Top-level Policy Admin Role,$rootSuffix) (nsroledn=cn=Organization Admin Role,$rootSuffix)))) (targetattr = “userPassword”) (version 3.0; acl “S1IS Organization Help Desk Admin Role access allow”; allow (write) roledn = “ldap:///cn=Organization Help Desk Admin Role,$rootSuffix”;)
작업: 삭제
이 ACI는 조직 도움말 데스크 관리 역할과 관련이 있습니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # consolidate # aci: (different name - “allow all” instead of “allow”) (target=”ldap:///($dn),$rootSuffix”) (targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,$rootSuffix) (nsroledn=cn=Top-level Help Desk Admin Role,$rootSuffix) (nsroledn=cn=Top-level Policy Admin Role,$rootSuffix)))) (targetattr != “nsroledn”) (version 3.0; acl “S1IS Organization Admin Role access allow all”; allow (all) roledn =”ldap:///cn=Organization Admin Role,[$dn],$rootSuffix”;)
작업: 통합
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # consolidate # aci: (target=”ldap:///cn=Organization Admin Role,($dn),$rootSuffix”) (targetattr=”*”) (version 3.0; acl “S1IS Organization Admin Role access deny”; deny (write,add,delete,compare,proxy) roledn = “ldap:///cn=Organization Admin Role,($dn),$rootSuffix”;)
작업: 통합
이 ACI는 조직 관리 역할과 관련이 있습니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # consolidate # aci: (missing) (target=”ldap:///($dn),$rootSuffix”) (targetattr=”*”) (version 3.0; acl “Organization Admin Role access allow read to org node”; allow (read,search) roledn = “ldap:///cn=Organization Admin Role,($dn),$rootSuffix” ;)
작업: 통합
이 ACI는 조직 관리 역할과 관련이 있습니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # consolidate # aci: (target=”ldap:///($dn),$rootSuffix”) (targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,$rootSuffix) (nsroledn=cn=Top-level Help Desk Admin Role,$rootSuffix)))) (targetattr != “nsroledn”) (version 3.0; acl “Organization Admin Role access allow”; allow (all) roledn = “ldap:///cn=Organization Admin Role,[$dn],$rootSuffix”;)
작업: 통합
이 ACI는 조직 관리 역할과 관련이 있습니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # consolidate # aci: (target=”ldap:///($dn),$rootSuffix”) (targetattr!=”businessCategory || description || facsimileTelephoneNumber || postalAddress || preferredLanguage || searchGuide || postOfficeBox || postalCode || registeredaddress || street || l || st || telephonenumber ||maildomainreportaddress || maildomainwelcomemessage || preferredlanguage || sunenablegab”) (version 3.0; acl “Organization Admin Role access deny to org node”; deny (write,add,delete) roledn = “ldap:///cn=Organization Admin Role,($dn),$rootSuffix” ;)
작업: 통합
이 ACI는 조직 관리 역할과 관련이 있습니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # consolidate # aci: (target=”ldap:///($dn),$rootSuffix”) (targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,$rootSuffix) (nsroledn=cn=Top-level Help Desk Admin Role,$rootSuffix)))) (targetattr != “nsroledn”) (version 3.0; acl “S1IS Organization Admin Role access allow all”; allow (all) roledn = “ldap:///cn=Organization Admin Role,[$dn],$rootSuffix”;)
작업: 통합
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # # discard # aci: (target=”ldap:///$rootSuffix”) (targetattr!=”nsroledn”) (version 3.0; acl “S1IS Group admin’s right to the users he creates”; allow (all) userattr = “iplanet-am-modifiable-by#ROLEDN”;)
작업: 삭제
이 ACI를 없애면 iplanet-am-modifiable-by 속성과 관련된 권한이 비활성화됩니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # consolidate # aci: (target=”ldap:///$rootSuffix”) (targetattr=”*”) (version 3.0; acl “Messaging Server End User Administrator Read Access Rights - product=SOMS,schema 2 support,class=installer,num=1,version=1”; allow (read,search) groupdn=”ldap:///cn=Messaging End User Administrators Group, ou=Groups, $rootSuffix”;)
작업: 통합
이 ACI는 메시징 최종 사용자 관리자 그룹에 대한 권한을 부여합니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # consolidate # aci: (target=”ldap:///$rootSuffix”) (targetattr=”objectclass||mailalternateaddress||mailautoreplymode ||mailprogramdeliveryinfo||nswmextendeduserprefs||preferredlanguage ||maildeliveryoption||mailforwardingaddress ||mailAutoReplyTimeout||mailautoreplytextinternal||mailautoreplytext ||vacationEndDate||vacationStartDate||mailautoreplysubject||pabURI ||maxPabEntries||mailMessageStore||mailSieveRuleSource||sunUCDateFormat ||sunUCDateDeLimiter||sunUCTimeFormat”) (version 3.0; acl “Messaging Server End User Adminstrator Write Access Rights - product=SOMS,schema 2 support,class=installer,num=2,version=1”; allow (all) groupdn=”ldap:///cn=Messaging End User Administrators Group, ou=Groups, $rootSuffix”;)
작업: 통합
이 ACI는 메시징 최종 사용자 관리자 그룹에 대한 권한을 부여합니다.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # consolidate # aci: (targetattr=”uid||ou||owner||mail||mailAlternateAddress ||mailEquivalentAddress||memberOf ||inetuserstatus||mailuserstatus||memberOfManagedGroup||mailQuota ||mailMsgQuota||inetSubscriberAccountId||dataSource||mailhost ||mailAllowedServiceAcces||pabURI||inetCOS||mailSMTPSubmitChannel ||aci”) (targetfilter=(&(objectClass=inetMailUser)(!(nsroledn=cn=Organization Admin Role,*)))) (version 3.0; acl “Deny write access to users over Messaging Server protected attributes - product=SOMS,schema 2 support,class=installer,num=3,version=1 “; deny (write) userdn = “ldap:///self”;)
작업: 통합
이것은 자체 권한을 설정하는 ACI 중 하나입니다.
-------------------------------------------------------------------------------------------------------------