Technical Note: Sun Java System Access Manager ACI Guide

Organization Policy Admin Role ACIs

ACI 1 example:

aci=(target="ldap:///o=suborg,dc=iplanet,dc=com")
(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,dc=iplanet,dc=com)
(nsroledn=cn=Top-level Help Desk Admin Role,dc=iplanet,dc=com)
(nsroledn=cn=Organization Admin Role,o=suborg,dc=iplanet,dc=com))))
(targetattr = "*")(version 3.0; acl "Organization Policy Admin access allow"; 
allow (read,search) 
roledn = "ldap:///cn=Organization Policy Admin Role,o=suborg,dc=iplanet,dc=com";) 
aci=(target="ldap:///ou=services,*o=suborg,dc=iplanet,dc=com")(targetattr = "*") 
(version 3.0; acl "Organization Policy Admin Role access allow"; allow (all) 
roledn = "ldap:///cn=Organization Policy Admin Role,o=suborg,dc=iplanet,dc=com";)

ACI 2 example:

aci=(target="ldap:///ou=iPlanetAMAuthService,ou=services,
*o=suborg,dc=iplanet,dc=com") (targetattr = "*") 
(version 3.0; acl "Organization Policy Admin Role access Auth Service deny"; 
deny (add,write,delete) 
roledn = "ldap:///cn=Organization Policy Admin Role,o=suborg,dc=iplanet,dc=com";)

ACI 3 example:

aci=(target="ldap:///o=suborg,dc=iplanet,dc=com")
(targetfilter="(objectclass=sunmanagedorganization)") 
(targetattr = "sunRegisteredServiceName") 
(version 3.0; acl "Organization Policy Admin Role access allow"; 
allow (read,write,search) 
roledn = "ldap:///cn=Organization Policy Admin Role,o=suborg,dc=iplanet,dc=com";)