Oracle Internet Directory Administrator's Guide Release 9.0.2 Part Number A95192-01 |
|
This appendix describes the format (syntax) of any access control item (ACI). It contains these topics:
The access control directive defined by the user attribute orclACI
has the following schema:
OrclACI:
{ object_identifier NAME 'orclACI' DESC 'Stores an inheritable ACI' EQUALITY
accessDirectiveMatch SYNTAX 'accessDirectiveDescription' USAGE
'directoryOperation'}
accessDirectiveDescription has the following BNF:
<accessDirectiveDescription> ::= access to <object> [by <subject> ( <accessList> )]+ <object> ::= [attr <EQ-OR-NEQ> ( * | (<attrList>) ) | entry] [filter=(<ldapFilter>)] <subject> ::= <entity> [<BindMode>] [Added-object-constraint=(<ldapFilter>)] <entity> ::= * | self | dn="<regex>" | dnAttr=(<dn_attribute>) | group="<dn>" | guidattr=(<guid_attribute>) | groupattr=(<group_attribute>) <BindMode> ::= | BindMode = Simple | BindMode = SSLNoauth | BindMode = SSLOneway | BindMode = SSLTwoway <accessList> ::= <access> | <access>, <accessList> <access> ::= none | compare | search | browse | proxy | read | selfwrite | write | add | delete | nocompare | nosearch | nobrowse | noproxy |noread | noselfwrite | nowrite | noadd | nodelete <attrList> ::= <attribute name> | <attribute name>,<attrList> <EQ-OR-NEQ> ::= = | != <regex> ::= <dn> | *,<dn_of_any_subtree_root>
The entry level access control directive defined by the user attribute orclEntryLevelACI
has the following schema:
"orclEntryLevelACI":
{ object_identifier NAME 'orclEntryLevelACI' DESC 'Stores entry level ACL Directive'
EQUALITY accessDirectiveMatch SYNTAX 'orclEntryLevelACIDescription'
USAGE 'directoryOperation' }
<orclEntryLevelACIDescription>
::= access to <object> [by <subject> ( <accessList> )]+
|
Copyright © 1999, 2002 Oracle Corporation. All Rights Reserved. |
|