How To Limit Access To Forms or Reports Resource Access Descriptors (RAD)

(Doc ID 1114653.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version: to - Release: 10gR2 to 10gR3
Information in this document applies to any platform.


Out of a total of 125k users only want selected users to be able to create a Resource Access Descriptor ( RAD) entry under DN:  cn=extended properties,cn=oraclecontext,<realm>.

Any user in the default search base can access the application and it will create a RAD.

Attempted to place ACIs on each RAD user and on the cn=extended properties containers to limit access. While the following ACI did limit the creation of RADs,  expected users were then unable to access the application.

orclaci: access to entry by group="cn=OracleResourceAccessGroup,cn=Groups,cn=OracleContext,dc=amer,dc=pfizer,dc=com"
(browse,noadd,nodelete, noproxy) by group="cn=oraclemanageextendedpreferences,cn=Groups,cn=OracleContext,dc=amer,dc=pfizer,dc=com"
* (browse,add,delete, noproxy) by * (none) *
orclaci: access to attr=(*) by group="cn=OracleResourceAccessGroup,cn=Groups,cn=OracleContext,dc=amer,dc=pfizer,dc=com"
(search,read,nowrite,nocompare) by group="cn=oraclemanageextendedpreferences,cn=Groups,cn=OracleContext,dc=amer,dc=pfizer,dc=com"
* (search,read,write,compare) by * (none) *


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms