Top-level Policy Admin Role
-------------------------------------------------------------------------------------------------------------
# # discard # aci: target=”ldap:///$rootSuffix”) (targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,$rootSuffix)))) (targetattr = “*”) (version 3.0; acl “S1IS Top-level Policy Admin Role access allow”; allow (read,search) roledn = “ldap:///cn=Top-level Policy Admin Role,$rootSuffix”;)
Action: Discard.
This ACI pertains to the Top-level Policy Admin role.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///ou=iPlanetAMAuthService,ou=services,*$rootSuffix”) (targetattr = “*”) (version 3.0; acl “S1IS Top-level Policy Admin Role access Auth Service deny”; deny (add,write,delete) roledn = “ldap:///cn=Top-level Policy Admin Role,$rootSuffix”;)
Action: Discard.
This ACI pertains to the Top-level Policy Admin role.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///ou=services,*$rootSuffix”) (targetattr = “*”) (version 3.0; acl “S1IS Top-level Policy Admin Role access allow”; allow (all) roledn = “ldap:///cn=Top-level Policy Admin Role,$rootSuffix”;)
Action: Discard.
This ACI pertains to the Top-level Policy Admin role.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///$rootSuffix”) (targetfilter=”(objectclass=sunismanagedorganization)”) (targetattr = “sunRegisteredServiceName”) (version 3.0; acl “S1IS Top-level Policy Admin Role access allow”; allow (read,write,search) roledn = “ldap:///cn=Top-level Policy Admin Role,$rootSuffix”;)
Action: Discard.
This ACI pertains to the Top-level Policy Admin role.
-------------------------------------------------------------------------------------------------------------
- © 2010, Oracle Corporation and/or its affiliates