How To Limit Access To Forms or Reports Resource Access Descriptors (RAD)
(Doc ID 1114653.1)
Last updated on OCTOBER 04, 2019
Applies to:
Oracle Internet Directory - Version 10.1.0.1.0 to 10.1.4.3 [Release Oracle10g to 10gR3]Information in this document applies to any platform.
Symptoms
Out of a total of 125k users only want selected users to be able to create a Resource Access Descriptor ( RAD) entry under DN: cn=extended properties,cn=oraclecontext,<realm>.
Any user in the default search base can access the application and it will create a RAD.
Attempted to place ACIs on each RAD user and on the cn=extended properties containers to limit access. While the following ACI did limit the creation of RADs, expected users were then unable to access the application.
orclaci: access to entry by group="cn=OracleResourceAccessGroup,cn=Groups,cn=OracleContext,dc=<COMPANY>,dc=com"
(browse,noadd,nodelete, noproxy) by group="cn=oraclemanageextendedpreferences,cn=Groups,cn=OracleContext,dc=<COMPANY>,dc=com"
********************************************
* (browse,add,delete, noproxy) by * (none) *
********************************************
orclaci: access to attr=(*) by group="cn=OracleResourceAccessGroup,cn=Groups,cn=OracleContext,dc=<COMPANY>,dc=com"
(search,read,nowrite,nocompare) by group="cn=oraclemanageextendedpreferences,cn=Groups,cn=OracleContext,dc=<COMPANY>,dc=com"
*&*****************************************
* (search,read,write,compare) by * (none) *
*******************************************
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |