-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///($dn),$rootSuffix”) (targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,$rootSuffix) (nsroledn=cn=Top-level Help Desk Admin Role,$rootSuffix) (nsroledn=cn=Top-level Policy Admin Role,$rootSuffix)))) (targetattr != “nsroledn”) (version 3.0; acl “S1IS Container Admin Role access allow”; allow (all) roledn = “ldap:///cn=Container Admin Role,[$dn],$rootSuffix”;)
Action: Discard.
This ACI pertains to the Container Admin Role.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///cn=Container Admin Role,($dn),$rootSuffix”) (targetattr=”*”) (version 3.0; acl “S1IS Container Admin Role access deny”; deny (write,add,delete,compare,proxy) roledn = “ldap:///cn=Container Admin Role,($dn),$rootSuffix”;)
Action: Discard.
This ACI pertains to the Container Admin Role.
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///ou=People,$rootSuffix”) (targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,$rootSuffix) (nsroledn=cn=Top-level Help Desk Admin Role,$rootSuffix) (nsroledn=cn=Top-level Policy Admin Role,$rootSuffix) (nsroledn=cn=Organization Admin Role,$rootSuffix) (nsroledn=cn=Container Admin Role,$rootSuffix)))) (targetattr != “iplanet-am-web-agent-access-allow-list || iplanet-am-domain-url-access-allow || iplanet-am-web-agent-access-deny-list || nsroledn”) (version 3.0; acl “S1IS Group and people container admin role”; allow (all) roledn = “ldap:///cn=ou=People_dc=red_dc=iplanet_dc=com,$rootSuffix”;)
Action: Discard.
This ACI pertains to the Group and People Container Admin Role.
-------------------------------------------------------------------------------------------------------------