Oracle Fusion Middleware Administration Guide for Oracle Unified Directory 11g Release 1 (11.1.1)
You can use ODSM to view the existing ACIs that are configured in the server, to create new access control points, and to create new ACIs in a user-friendly interface. The following topics describe how to manage access control by using ODSM.
Oracle Unified Directory supports several preconfigured ACIs by default. You can display all ACIs that are configured in the server by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Directory ACLs element.
All configured ACIs are listed under the access control point in which the ACI is defined. Expand the access control point to view the ACIs. For example, to display the list of ACIs that apply to the Root entry, expand the Root entry.
Select an ACI to view its properties in the right-hand pane.
An access control point is the entry in which an ACI is defined (in other words, the entry that contains the corresponding aci attribute).
You can define a new access control point by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Directory ACLs element.
Click the Add icon.
In the Location field, enter the DN of the entry that will be the new access control point, or click Select to select the entry from the directory.
To add one or more ACIs to the access control point, click Create ACI.
Enter the ACI details. For more information about these fields, see Add an ACI.
When you have added the required ACIs to the access control point, click Create.
You can define a new access control point that is based on an existing access control point by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Directory ACLs element.
Select the access control point on which you want to base the new access control point.
Click the Add like icon.
In the Location field, enter the DN of the entry that will be the new access control point, or click Select to select the entry from the directory.
The new access control point is automatically created with the same ACL as the access control point on which it was based.
To add, remove, or edit the existing ACIs on the new access control point, click Create, Edit or Delete.
To add or edit an ACI, enter the required details. For more information about these fields, see Add an ACI.
When you have modified the ACIs for the new access control point, click Create.
You can delete an access control point by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Directory ACLs element.
Select the access control point that you want to delete and click the Delete icon.
Click OK to confirm the deletion.
You can add an ACI to an existing access control point by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Directory ACLs element.
Expand the access control point to which you want to add the new ACI.
Select one of the ACIs in the access control list.
Click the Add icon.
To build the ACI in a user-friendly interface, select the Detail View tab.
Select the Scope of the ACI.
Usually an ACI has subtree scope. You can restrict the scope of the ACI by selecting one of the following values:
Base. The ACI applies to the target resource only.
One. The ACI applies to the target resource's first-generation children.
Subtree. The ACI applies to the target resource and the subtree below it.
Subordinate. The ACI applies only to the subtree below the target resource.
In the Targets field, select each element of the ACI and click Edit to define its properties.
For more information about defining ACI targets, see Defining Targets in Oracle Fusion Middleware Architecture Reference for Oracle Unified Directory.
In the Permissions field, click the Add icon to define bind rules.
For more information about defining ACI permissions, see Defining Permissions in Oracle Fusion Middleware Architecture Reference for Oracle Unified Directory.
If you would rather define the ACI manually, click the Text Editor View tab and enter the details of the ACI.
Click Validate to check that the ACI conforms to the ACI syntax.
You can also use this view to copy and paste existing ACIs.
When you have completed the ACI definition, click Create.
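The four Scope values in the procedure above decide whether the access control point entry itself, its immediate children, or the whole subtree falls under the ACI. The following Python sketch is an added example, not part of the Oracle guide or ODSM; the DNs are constructed samples, the function names are hypothetical, and DN matching is simplified to case-insensitive RDN comparison.

```python
# Added example: which entries an ACI covers for each ODSM Scope value.
# Assumption: DNs are compared RDN by RDN, case-insensitively.

def split_dn(dn):
    """Split a DN into normalized RDNs, keeping backslash-escaped commas."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # escaped char: copy both
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":                        # unescaped comma ends an RDN
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur))
    out = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        if attr.strip():
            out.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return out

def depth_below(target_dn, entry_dn):
    """Levels between target and entry, or None if entry is outside target."""
    t, e = split_dn(target_dn), split_dn(entry_dn)
    if len(e) < len(t) or (t and e[-len(t):] != t):
        return None
    return len(e) - len(t)

def aci_applies(scope, target_dn, entry_dn):
    """True if an ACI with this scope on target_dn covers entry_dn."""
    d = depth_below(target_dn, entry_dn)
    if d is None:
        return False
    return {"Base": d == 0, "One": d == 1,
            "Subtree": d >= 0, "Subordinate": d >= 1}[scope]

# Constructed sample DNs (not from the guide).
TARGET = "ou=People,dc=example,dc=com"
ENTRIES = [TARGET,
           "uid=alice,ou=People,dc=example,dc=com",
           r"cn=Smith\, John,ou=Staff,ou=People,dc=example,dc=com",
           "ou=Groups,dc=example,dc=com"]

def covered(scope):
    # Entries from ENTRIES that an ACI on TARGET with this scope covers.
    return [e for e in ENTRIES if aci_applies(scope, TARGET, e)]
```

Comparing `covered("Subtree")` with `covered("Subordinate")` shows the one difference that matters in a least-privilege review: only Subtree includes the access control point entry itself.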
You can add an ACI that is based on an existing ACI by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Directory ACLs element.
Expand the access control point that contains the ACI that you want to copy.
Select the ACI that you want to copy.
Click the Add like icon.
Edit the elements of the ACI that you want to change, either in Text Editor View or in Detail View.
When you have completed the ACI definition, click Create.
You can modify an existing ACI by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Directory ACLs element.
Expand the access control point that contains the ACI that you want to change.
Select the ACI that you want to change.
Edit the elements of the ACI, either in Text Editor View or in Detail View.
When you have completed your changes, click Apply.