test

Sun Java System Communications Services 6 2005Q4 Delegated Administrator 指南

AM 自身

-------------------------------------------------------------------------------------------------------------

#
# consolidate
#
aci:
(targetattr = “*”)
(version 3.0;
acl “S1IS Deny deleting self”;
deny (delete)
userdn =”ldap:///self”;)

操作:合并为单个自写 ACI。由于最终用户不具有删除任何条目(包括其自身)的权限,因此无需显式拒绝。

这是若干用于设置自身权限的 ACI 之一。显式拒绝可阻止任何条目删除其自身。

-------------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------------------------

#
# consolidate
#
aci:
(targetattr = “objectclass || inetuserstatus 
|| iplanet-am-user-login-status
|| iplanet-am-web-agent-access-allow-list 
|| iplanet-am-domain-url-access-allow
|| iplanet-am-web-agent-access-deny-list || iplanet-am-user-account-life
|| iplanet-am-session-max-session-time || iplanet-am-session-max-idle-time
|| iplanet-am-session-get-valid-sessions 
|| iplanet-am-session-destroy-sessions
|| iplanet-am-session-add-session-listener-on-all-sessions 
|| iplanet-am-user-admin-start-dn
|| iplanet-am-auth-post-login-process-class”)
(targetfilter=(!(nsroledn=cn=Top-level Admin Role,$rootSuffix)))
(version 3.0; acl “S1IS User status self modification denied”;
deny (write)
userdn =”ldap:///self”;)

操作:合并为单个自写 ACI。

这是若干用于设置自写权限的 ACI 之一。

-------------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------------------------

#
# consolidate
#
aci:
(targetattr != “iplanet-am-static-group-dn || uid || nsroledn || aci 
|| nsLookThroughLimit || nsSizeLimit || nsTimeLimit || nsIdleTimeout 
|| memberOf || iplanet-am-web-agent-access-allow-list
|| iplanet-am-domain-url-access-allow 
|| iplanet-am-web-agent-access-deny-list”)
(version 3.0; acl “S1IS Allow self entry modification except for nsroledn,
aci, and resource limit attributes”;
allow (write)
userdn =”ldap:///self”;)

操作:合并为单个自写 ACI。

这是若干用于设置权限的 ACI 之一。

-------------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------------------------

#
# consolidate
#
aci:
(targetattr != “aci || nsLookThroughLimit || nsSizeLimit || nsTimeLimit
|| nsIdleTimeout || iplanet-am-domain-url-access-allow”)
(version 3.0; acl “S1IS Allow self entry read search except for nsroledn,
aci, resource limit and web agent policy attributes”;
allow (read,search)
userdn =”ldap:///self”;)

操作:合并为单个自写 ACI。

这是若干用于设置自写权限的 ACI 之一。

-------------------------------------------------------------------------------------------------------------