16 Configuring Oracle Virtual Directory Access Control

This chapter explains how to configure access control for Oracle Virtual Directory and includes the following sections:

  • Creating Access Control Lists Using Oracle Directory Services Manager

  • Managing Access Control Lists Using Oracle Directory Services Manager

16.1 Creating Access Control Lists Using Oracle Directory Services Manager

Perform the following steps to create an ACL using Oracle Directory Services Manager:

Note:

If two ACLs differ only by their grant/deny property, the resulting permission will be a deny regardless of the order in which the ACLs are added. For example, the following two ACLs will result in a deny for Search (s) and Read (r) of all attributes for public:

  deny:s,r#[all]#public:
  grant:s,r#[all]#public:

  1. Log in to Oracle Directory Services Manager.

  2. Select Security from the task selection bar. The Access Control Point navigation tree appears listing the existing Access Control Points.

  3. Click the Create button. The new ACL dialog box appears.

  4. Identify the Access Control Point for the new ACL by entering the DN where you want to apply the new ACL in the DN field.

  5. Configure the scope of the new ACL by selecting either entry or subtree from the Scope list. Selecting entry applies the new ACL only at the Access Control Point DN entry in the virtual tree. Selecting subtree applies the new ACL at the Access Control Point DN entry and all the entries in the subtree below it.

  6. Click the Create button in the Structural Access Items (Entry Level Operations) area to create access policy for the entries in the virtual directory tree. The Structural Access configuration dialog box appears.

  7. Click the Permissions tab and perform the following to set the entry permissions for the access policy:

    • To explicitly grant access for an entry permission, select Grant from the Access Type list and select the permissions you want to grant access to.

    • To explicitly deny access for an entry permission, select Deny from the Access Type list and select the permissions you want to deny access to.

  8. Click the By Whom tab and perform the following to set to whom the entry access policy applies:

    • Select the subject of the ACL from the By Whom list.

    • Enter the DN or IP address of the subject in the DN or IP Address field if you chose Specific DN or IP Address from the By Whom list.

    Click the OK button to save the Structural Access Items (Entry Level Operations) settings. The new entry access policy appears in the Structural Access Items (Entry Level Operations) table.

  9. Click the Create button in the Content Access Items (Attribute Level Operations) area to create access policy for the attributes of the entry. The Content Access configuration dialog box appears.

  10. Click the Target tab and select the attributes from the Attribute list that the access policy applies to. Selecting * applies the access policy to all attributes.

  11. Click the Permissions tab and perform the following to set the attribute permissions for the access policy:

    • To explicitly grant access for an attribute permission, select Grant from the Access Type list and select the permissions you want to grant access to.

    • To explicitly deny access for an attribute permission, select Deny from the Access Type list and select the permissions you want to deny access to.

  12. Click the By Whom tab and perform the following to set to whom the attribute access policy applies:

    • Select the subject of the ACL from the By Whom list.

    • Enter the DN or IP address of the subject in the DN or IP Address field if you chose Specific DN or IP Address from the By Whom list.

  13. Click the OK button to save the Content Access Items (Attribute Level Operations) settings. The new attribute access policy appears in the Content Access Items (Attribute Level Operations) table.
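The deny-overrides rule stated in the note at the start of this section, worked through in code. This is an added example, not Oracle's code or documentation: the ACL grammar it parses is inferred only from the two ACL strings quoted in the note (access type, permission letters, bracketed attribute target, subject), and the permission letters s (Search) and r (Read) are the ones the note names.

```python
import re
from dataclasses import dataclass

# Assumed grammar, inferred from the two ACL strings in the note above:
#   <grant|deny>:<perm,perm,...>#[<attribute or all>]#<subject>:
ACL_RE = re.compile(r"^(grant|deny):([a-z,]+)#\[([^\]]*)\]#(.+):$")


@dataclass(frozen=True)
class Acl:
    access: str          # "grant" or "deny"
    perms: frozenset     # permission letters, e.g. {"s", "r"} (s = Search, r = Read)
    target: str          # "all" or a single attribute name
    subject: str         # e.g. "public"


def parse_acl(text):
    """Parse one ACL string of the form shown in the note; raise on anything else."""
    m = ACL_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ACL: {text!r}")
    access, perms, target, subject = m.groups()
    return Acl(access, frozenset(p for p in perms.split(",") if p), target, subject)


def effective_permissions(acls, subject, attribute):
    """Permissions the subject ends up with on the attribute.

    Deny-overrides, as the note describes: a deny covering the same permission,
    target and subject removes the permission no matter where the grant sits in
    the list, so the order in which the ACLs were added does not matter.
    """
    granted, denied = set(), set()
    for acl in acls:
        if acl.subject != subject or acl.target not in ("all", attribute):
            continue
        (denied if acl.access == "deny" else granted).update(acl.perms)
    return granted - denied


# Constructed sample: the two conflicting ACLs from the note, checked in both orders.
CONFLICTING = ["deny:s,r#[all]#public:", "grant:s,r#[all]#public:"]


def demo():
    forward = effective_permissions([parse_acl(a) for a in CONFLICTING], "public", "cn")
    reverse = effective_permissions([parse_acl(a) for a in reversed(CONFLICTING)], "public", "cn")
    return sorted(forward), sorted(reverse)   # both empty: the deny wins either way


if __name__ == "__main__":
    print(demo())
```

Drop the deny line from CONFLICTING and the same call returns Search and Read for public, which is a quick way to confirm that an ACL pair you are about to create in the Security task does not cancel itself out.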

16.2 Managing Access Control Lists Using Oracle Directory Services Manager

This section explains how to manage ACLs using Oracle Directory Services Manager and contains the following sections:

  • Updating Access Control Lists

  • Deleting Access Control List Entries

16.2.1 Updating Access Control Lists

Perform the following steps to edit an existing ACL using Oracle Directory Services Manager:

  1. Log in to Oracle Directory Services Manager.

  2. Select Security from the task selection bar. The Access Control Point navigation tree appears listing the existing ACLs.

  3. Click the ACL you want to edit in the tree. The settings for the ACL appear.

  4. Click the Subtree Access tab or the Local Access tab.

  5. Select the attribute you want to edit and click the Edit button (pencil).

    When the Edit dialog is displayed, edit the ACL attributes as desired, and then click the OK button to save your changes.

  6. When you are finished editing ACL attributes, click Apply.

16.2.2 Deleting Access Control List Entries

Perform the following steps to delete an entry from an existing Access Control List (ACL) using Oracle Directory Services Manager:

  1. Log in to Oracle Directory Services Manager.

  2. Select Security from the task selection bar. The Access Control Point navigation tree appears listing all the existing ACLs.

  3. Click the ACL in the tree that contains the entry you want to delete. The settings for the ACL appear.

  4. Click the entry in the ACL you want to delete.

  5. Click the Delete button. The Delete dialog box appears asking you to confirm deleting the entry.

  6. Click Delete on the Delete dialog box to delete the entry.

  7. Click the Apply button on the ACL settings screen to apply the updated ACL.