頂層策略管理角色 (Sun Java System Communications Services 6 2005Q4 Delegated Administrator 指南)

Sun Java System Communications Services 6 2005Q4 Delegated Administrator 指南

頂層策略管理角色

-------------------------------------------------------------------------------------------------------------

#
# discard
#
aci:
target=”ldap:///$rootSuffix”)
(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,$rootSuffix))))
(targetattr = “*”)
(version 3.0; acl “S1IS Top-level Policy Admin Role access allow”;
allow (read,search)
roledn = “ldap:///cn=Top-level Policy Admin Role,$rootSuffix”;)

動作︰捨棄。

此 ACI 適用於頂層策略管理角色。

-------------------------------------------------------------------------------------------------------------

#
# discard
#
aci:
(target=”ldap:///ou=iPlanetAMAuthService,ou=services,*$rootSuffix”)
(targetattr = “*”)
(version 3.0; acl “S1IS Top-level Policy Admin Role access Auth Service
deny”;
deny (add,write,delete)
roledn = “ldap:///cn=Top-level Policy Admin Role,$rootSuffix”;)

動作︰捨棄。

此 ACI 適用於頂層策略管理角色。

-------------------------------------------------------------------------------------------------------------

#
# discard
#
aci:
(target=”ldap:///ou=services,*$rootSuffix”)
(targetattr = “*”)
(version 3.0; acl “S1IS Top-level Policy Admin Role access allow”;
allow (all)
roledn = “ldap:///cn=Top-level Policy Admin Role,$rootSuffix”;)

動作︰捨棄。

此 ACI 適用於頂層策略管理角色。

-------------------------------------------------------------------------------------------------------------

#
# discard
#
aci:
(target=”ldap:///$rootSuffix”)
(targetfilter=”(objectclass=sunismanagedorganization)”)
(targetattr = “sunRegisteredServiceName”)
(version 3.0; acl “S1IS Top-level Policy Admin Role access allow”;
allow (read,write,search)
roledn = “ldap:///cn=Top-level Policy Admin Role,$rootSuffix”;)

動作︰捨棄。

此 ACI 適用於頂層策略管理角色。

-------------------------------------------------------------------------------------------------------------