My Oracle Support Banner

How To Limit Access To Forms or Reports Resource Access Descriptors (RAD) (Doc ID 1114653.1)

Last updated on OCTOBER 04, 2019

Applies to:

Oracle Internet Directory - Version to [Release Oracle10g to 10gR3]
Information in this document applies to any platform.


Out of a total of 125k users only want selected users to be able to create a Resource Access Descriptor ( RAD) entry under DN:  cn=extended properties,cn=oraclecontext,<realm>.

Any user in the default search base can access the application and it will create a RAD.

Attempted to place ACIs on each RAD user and on the cn=extended properties containers to limit access. While the following ACI did limit the creation of RADs,  expected users were then unable to access the application.

orclaci: access to entry by group="cn=OracleResourceAccessGroup,cn=Groups,cn=OracleContext,dc=<COMPANY>,dc=com"
(browse,noadd,nodelete, noproxy) by group="cn=oraclemanageextendedpreferences,cn=Groups,cn=OracleContext,dc=<COMPANY>,dc=com"
* (browse,add,delete, noproxy) by * (none) *
orclaci: access to attr=(*) by group="cn=OracleResourceAccessGroup,cn=Groups,cn=OracleContext,dc=<COMPANY>,dc=com"
(search,read,nowrite,nocompare) by group="cn=oraclemanageextendedpreferences,cn=Groups,cn=OracleContext,dc=<COMPANY>,dc=com"
* (search,read,write,compare) by * (none) *


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.