test

Sun Java System Communications Services 6 2005Q4 Delegated Administrator 指南

AM 自身

-------------------------------------------------------------------------------------------------------------

#
# consolidate
#
aci:
(targetattr = “*”)
(version 3.0;
acl “S1IS Deny deleting self”;
deny (delete)
userdn =”ldap:///self”;)

動作︰合併為單一自我寫入 ACI。由於一般使用者沒有權限刪除任何項目 (包括其自身),因此不需要明確拒絕。

這是可以設定自身權限的 ACI 之一。明確拒絕將阻止所有項目刪除自身。

-------------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------------------------

#
# consolidate
#
aci:
(targetattr = “objectclass || inetuserstatus 
|| iplanet-am-user-login-status
|| iplanet-am-web-agent-access-allow-list 
|| iplanet-am-domain-url-access-allow
|| iplanet-am-web-agent-access-deny-list || iplanet-am-user-account-life
|| iplanet-am-session-max-session-time || iplanet-am-session-max-idle-time
|| iplanet-am-session-get-valid-sessions 
|| iplanet-am-session-destroy-sessions
|| iplanet-am-session-add-session-listener-on-all-sessions 
|| iplanet-am-user-admin-start-dn
|| iplanet-am-auth-post-login-process-class”)
(targetfilter=(!(nsroledn=cn=Top-level Admin Role,$rootSuffix)))
(version 3.0; acl “S1IS User status self modification denied”;
deny (write)
userdn =”ldap:///self”;)

動作︰合併為單一自我寫入 ACI。

這是可以設定自我寫入權限的 ACI 之一。

-------------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------------------------

#
# consolidate
#
aci:
(targetattr != “iplanet-am-static-group-dn || uid || nsroledn || aci 
|| nsLookThroughLimit || nsSizeLimit || nsTimeLimit || nsIdleTimeout 
|| memberOf || iplanet-am-web-agent-access-allow-list
|| iplanet-am-domain-url-access-allow 
|| iplanet-am-web-agent-access-deny-list”)
(version 3.0; acl “S1IS Allow self entry modification except for nsroledn,
aci, and resource limit attributes”;
allow (write)
userdn =”ldap:///self”;)

動作︰合併為單一自我寫入 ACI。

這是可以設定權限的 ACI 之一。

-------------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------------------------

#
# consolidate
#
aci:
(targetattr != “aci || nsLookThroughLimit || nsSizeLimit || nsTimeLimit
|| nsIdleTimeout || iplanet-am-domain-url-access-allow”)
(version 3.0; acl “S1IS Allow self entry read search except for nsroledn,
aci, resource limit and web agent policy attributes”;
allow (read,search)
userdn =”ldap:///self”;)

動作︰合併為單一自我寫入 ACI。

這是可以設定自我寫入權限的 ACI 之一。

-------------------------------------------------------------------------------------------------------------