B.7 Sample ACL Entry Tags

The acl-entry-enable-role and acl-entry-disable-role tag values require a list of the roles that are defined in the ACL record. They also accept the [[ALL]] tag, which indicates using all of the roles defined in the ACL record.

You can select all roles with the string acl-entry-enable-role="[[ALL]]". This is equivalent to acl-entry-enable-role="[GroupCreator] [GroupModifier] [NetCreator] [NetModifier] [PolicyCreator] [PolicyModifier] [PolicyReader] [ServerCreator] [ServerModifier] [UserCreator] [UserModifier]" for names.nsf.

You can deselect all roles with the string acl-entry-disable-role="[[ALL]]". This is equivalent to acl-entry-disable-role="[GroupCreator] [GroupModifier] [NetCreator] [NetModifier] [PolicyCreator] [PolicyModifier] [PolicyReader] [ServerCreator] [ServerModifier] [UserCreator] [UserModifier]" for names.nsf.

B.7.1 ADD Event Policy Rule To Submit ACLEntry Parameters

Sample ADD Event policy rule to submit ACLEntry parameters:

<rule>
   <description>Apply ACL entry attributes to ADD events</description>
   <conditions>
	<or disabled="true">
	   <if-operation op="equal">add</if-operation>
	</or>
   </conditions>
   <actions>
	<do-set-xml-attr expression="../add" name="acl-entry-public-reader">
	   <arg-string>
		<token-text>true</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../add" name="acl-entry-public-writer">
	   <arg-string>
		<token-text>true</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../add" name="acl-entry-level">
	   <arg-string>
		<token-text>MANAGER</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../add" name="acl-entry-user-type">
	   <arg-string>
		<token-text>PERSON</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../add" name="acl-entry-enable-role">
	   <arg-string>
		<token-text>[[ALL]]</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../add" name="acl-entry-disable-role">
	   <arg-string>
		<token-text xml:space="preserve">[NetCreator] [NetModifier]</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../add" name="acl-entry-can-create-documents">
	    <arg-string>
		<token-text>true</token-text>
	    </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../add" name="acl-entry-can-create-ls-or-java-agent">
	   <arg-string>
		<token-text>true</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../add" name="acl-entry-can-create-personal-agent">
	   <arg-string>
		<token-text>true</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../add" name="acl-entry-can-create-personal-folder">
	   <arg-string>
		<token-text>true</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../add" name="acl-entry-can-create-shared-folder">
	   <arg-string>
		<token-text>true</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../add" name="acl-entry-can-delete-documents">
	   <arg-string>
		<token-text>true</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../add" name="acl-entry-can-replicate-or-copy-documents">
	   <arg-string>
		<token-text>true</token-text>
	   </arg-string>
	</do-set-xml-attr>
   </actions>
</rule>

B.7.2 The Add Event ACLEntry Tags That Are Submitted To the Notes Driver Shim

Sample Add Event containing ACLEntry tags as they are submitted to the Notes Driver shim:

<nds dtdversion="2.0" ndsversion="8.x">
   <source>
	<product version="2.0.5.51 ">Identity Manager</product>
	<contact>Novell, Inc.</contact>
   </source>
   <input>
	<add acl-entry-can-create-documents="true" 
       acl-entry-can-create-ls-or-java-agent="true" 
       acl-entry-can-create-personal-agent="true" 
       acl-entry-can-create-personal-folder="true" 
       acl-entry-can-create-shared-folder="true" 
       acl-entry-can-delete-documents="true" 
       acl-entry-can-replicate-or-copy-documents="true" 
       acl-entry-enable-role="[[ALL]]" 
       acl-entry-level="MANAGER" 
       acl-entry-public-reader="true" 
       acl-entry-public-writer="true" 
       acl-entry-user-type="PERSON" 
       certify-user="true" 
       class-name="Person" 
       create-mail="true" 
       dest-dn="CN=DaffyDuck/OU=sales/O=novell" 
       drv-param-cert-id="sales-cert-id-file" 
       drv-param-cert-pwd="sales-cert-id-password" 
       event-id="MYSERVER-NDS#20040920214955#1#1" 
       expire-term="2" 
       mail-acl-manager-name="CN=Notes Driver/O=novell" 
       qualified-src-dn="O=DirXML\OU=Notes\OU=Users\OU=sales\CN=DaffyDuck" 
       src-dn="\mytree\DirXML\Notes\Users\sales\DaffyDuck" 
       src-entry-id="39862">
	   <add-attr attr-name="FullName">
		<value naming="true" timestamp="1095716982#20"
             type="string">DaffyDuck</value>
	   </add-attr>
	   <add-attr attr-name="LastName">
		<value timestamp="1095716982#3" type="string">Duck</value>
	   </add-attr>
	   <add-attr attr-name="FirstName">
		<value timestamp="1095716995#1" type="string">Daffy</value>
	   </add-attr>
	   <add-attr attr-name="InternetAddress">
		<value>DaffyDuck@novell.com</value>
	   </add-attr>
	</add>
   </input>
</nds>

B.7.3 Sample Modify Event Policy Rule

Below is a sample Modify Event policy rule to submit ACLEntry parameters to the Notes Driver shim:

<rule>
   <description>Apply ACL entry attributes to MODIFY events</description>
   <conditions>
	<or disabled="true">
	   <if-operation op="equal">modify</if-operation>
	</or>
   </conditions>
   <actions>
	<do-set-xml-attr expression="../modify" name="acl-entry-public-reader">
	   <arg-string>
		<token-text>true</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../modify" name="acl-entry-public-writer">
	   <arg-string>
		<token-text>true</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../modify" name="acl-entry-level">
	   <arg-string>
		<token-text>MANAGER</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../modify" name="acl-entry-user-type">
	   <arg-string>
		<token-text>PERSON</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../modify" name="acl-entry-enable-role">
	   <arg-string>
		<token-text>[[ALL]]</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../modify" name="acl-entry-disable-role">
	   <arg-string>
		<token-text xml:space="preserve">[NetCreator] [NetModifier]</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../modify" name="acl-entry-can-create-documents">
	   <arg-string>
		<token-text>true</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../modify" name="acl-entry-can-create-ls-or-java-agent">
	   <arg-string>
		<token-text>true</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../modify" name="acl-entry-can-create-personal-agent">
	   <arg-string>
		<token-text>true</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../modify" name="acl-entry-can-create-personal-folder">
	    <arg-string>
		<token-text>true</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../modify" name="acl-entry-can-create-shared-folder">
	   <arg-string>
		<token-text>true</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../modify" name="acl-entry-can-delete-documents">
	   <arg-string>
		<token-text>true</token-text>
	   </arg-string>
	</do-set-xml-attr>
	<do-set-xml-attr expression="../modify" name="acl-entry-can-replicate-or-copy-documents">
	   <arg-string>
		<token-text>true</token-text>
	   </arg-string>
	</do-set-xml-attr>
   </actions>
</rule>

B.7.4 Modify Event As Submitted To the Notes Driver Shim

Below is the Modify Event containing ACLEntry tags as it is submitted to the Notes Driver shim:

<nds dtdversion="2.0" ndsversion="8.x">
   <source>
	<product version="2.0.5.51 ">Identity Manager</product>
	<contact>Novell, Inc.</contact>
   </source>
   <input>
	<modify acl-entry-can-create-documents="true" 
       acl-entry-can-create-ls-or-java-agent="true" 
       acl-entry-can-create-personal-agent="true" 
       acl-entry-can-create-personal-folder="true" 
       acl-entry-can-create-shared-folder="true" 
       acl-entry-can-delete-documents="true" 
       acl-entry-can-replicate-or-copy-documents="true" 
       acl-entry-disable-role="[NetCreator] [NetModifier]" 
       acl-entry-enable-role="[[ALL]]" 
       acl-entry-level="MANAGER" 
       acl-entry-public-reader="true" 
       acl-entry-public-writer="true" 
       acl-entry-user-type="PERSON" class-name="Person" 
       event-id="MYSERVER-NDS#20040920215410#1#1" 
       qualified-src-dn="O=DirXML\OU=Notes\OU=Users\OU=sales\CN=DaffyDuck" 
       src-dn="\mytree\DirXML\Notes\Users\sales\DaffyDuck" 
       src-entry-id="39862" timestamp="1095717426#2">
	   <association state="associated">BE64D2CAAB6EADD987256F150077EF7B</association>
	   <modify-attr attr-name="OfficePhoneNumber">
		<remove-value>
		   <value timestamp="1095717250#1" type="teleNumber">444-4444</value>
		</remove-value>
		<add-value>
		   <value timestamp="1095717426#2" type="teleNumber">555-1212</value>
		</add-value>
	   </modify-attr>
	</modify>
   </input>
</nds>
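
The following Python script is an added example, not part of the original driver documentation. It reads an event document like the ones in B.7.2 and B.7.4 and reports the ACL grant each command would carry, expanding [[ALL]] with the names.nsf role list from B.7. The function names are hypothetical, the sample event is a constructed, trimmed copy of the B.7.4 event, and the script assumes that acl-entry-disable-role is applied after acl-entry-enable-role.

```python
import xml.etree.ElementTree as ET

# Role list for names.nsf, as enumerated in B.7 for the [[ALL]] tag.
NAMES_NSF_ROLES = (
    "[GroupCreator] [GroupModifier] [NetCreator] [NetModifier] [PolicyCreator] "
    "[PolicyModifier] [PolicyReader] [ServerCreator] [ServerModifier] "
    "[UserCreator] [UserModifier]"
).split()

# Constructed sample: a trimmed copy of the B.7.4 modify event.
SAMPLE_EVENT = """<nds dtdversion="2.0" ndsversion="8.x">
  <input>
    <modify acl-entry-level="MANAGER"
        acl-entry-enable-role="[[ALL]]"
        acl-entry-disable-role="[NetCreator] [NetModifier]"
        acl-entry-can-delete-documents="true"
        src-dn="\\mytree\\DirXML\\Notes\\Users\\sales\\DaffyDuck"/>
  </input>
</nds>"""


def expand_roles(value, acl_roles):
    """Expand a role attribute; [[ALL]] stands for every role in the ACL record."""
    tokens = (value or "").split()
    if "[[ALL]]" in tokens:
        return set(acl_roles)
    return set(tokens)


def review_event(xml_text, acl_roles=NAMES_NSF_ROLES):
    """Summarise the ACL grant carried by each <add>/<modify> in an event document."""
    findings = []
    for cmd in ET.fromstring(xml_text).iterfind("./input/*"):
        acl = {k: v for k, v in cmd.attrib.items() if k.startswith("acl-entry-")}
        if cmd.tag not in ("add", "modify") or not acl:
            continue
        enabled = expand_roles(acl.get("acl-entry-enable-role"), acl_roles)
        disabled = expand_roles(acl.get("acl-entry-disable-role"), acl_roles)
        findings.append({
            "src_dn": cmd.get("src-dn"),
            "level": acl.get("acl-entry-level"),
            "wildcard": "[[ALL]]" in acl.get("acl-entry-enable-role", "").split(),
            # Assumption: disable-role is applied after enable-role.
            "roles": sorted(enabled - disabled),
            "flags": sorted(k for k, v in acl.items()
                            if k.startswith("acl-entry-can-") and v == "true"),
        })
    return findings
```

Running review_event over a driver trace before a policy goes live shows which entries would receive MANAGER level or a wildcard role grant, so the expanded role set can be compared against what the account actually needs.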