Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition

ACI “Delete Group”

In LDIF, to grant employees the right to modify or delete a group entry of the group to which they belong under the ou=Social Committee branch, you would write the following statement:

aci: (targetattr = "*") (targattrfilters="del=objectClass:
 (version 3.0; acl "Delete Group"; allow (write,delete)

This example assumes that the aci is added to the ou=Social Committee,dc=example,dc=com entry.

Note that to use DSCC to create this ACI is not very effective because you have to use manual editing mode to create the target filter and to check group ownership.