Novell Documentation: Identity Manager Drivers

B.7 範例 ACL 項目標籤

acl-entry-enable-role 和 acl-entry-disable-role 標籤值需要 ACL 記錄中所定義的角色清單。這兩個標籤值亦接受 [[ALL]] 標籤，表示使用 ACL 記錄中的所有角色。

您可以選取具有字串 acl-entry-enable-role=“[[ALL]]” 的所有角色。這相當於 names.nsf 的 acl-entry-enable-role=“[GroupCreator] [GroupModifier] [NetCreator] [NetModifier] [PolicyCreator] [PolicyModifier] [PolicyReader] [ServerCreator] [ServerModifier] [UserCreator] [UserModifier]”。

您可以取消選取具有字串 acl-entry-disable-role=“[[ALL]]” 的所有角色。這相當於 names.nsf 的 acl-entry-disable-role=“[GroupCreator] [GroupModifier] [NetCreator] [NetModifier] [PolicyCreator] [PolicyModifier] [PolicyReader] [ServerCreator] [ServerModifier] [UserCreator] [UserModifier]”。

B.7.1 提交 ACLEntry 參數的新增事件規則

提交 ACLEntry 參數的範例「新增事件」規則：

<rule> <description>Apply ACL entry attributes to ADD events</description> <conditions> <or disabled="true"> <if-operation op="equal">add</if-operation> </or> </conditions> <actions> <do-set-xml-attr expression="../add" name="acl-entry-public-reader"> <arg-string> <token-text>true</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../add" name="acl-entry-public-writer"> <arg-string> <token-text>true</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../add" name="acl-entry-level"> <arg-string> <token-text>MANAGER</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../add" name="acl-entry-user-type"> <arg-string> <token-text>PERSON</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../add" name="acl-entry-enable-role"> <arg-string> <token-text>[[ALL]]</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../add" name="acl-entry-disable-role"> <arg-string> <token-text xml:space="preserve">[NetCreator] [NetModifier]</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../add" name="acl-entry-can-create-documents"> <arg-string> <token-text>true</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../add" name="acl-entry-can-create-ls-or-java-agent"> <arg-string> <token-text>true</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../add" name="acl-entry-can-create-personal-agent"> <arg-string> <token-text>true</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../add" name="acl-entry-can-create-personal-folder"> <arg-string> <token-text>true</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../add" name="acl-entry-can-create-shared-folder"> <arg-string> <token-text>true</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../add" name="acl-entry-can-delete-documents"> <arg-string> <token-text>true</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../add" name="acl-entry-can-replicate-or-copy-documents"> <arg-string> <token-text>true</token-text> </arg-string> </do-set-xml-attr> </actions> </rule>

B.7.2 提交至 Notes 驅動程式 Shim 的新增事件 ACLEntry 標籤

包含提交至 Notes 驅動程式 Shim 之 ACLEntry 標籤的範例「新增事件」：

<nds dtdversion="2.0" ndsversion="8.x"> <source> <product version="2.0.5.51 ">Identity Manager</product> <contact>Novell, Inc.</contact> </source> <input> <add acl-entry-can-create-documents="true" acl-entry-can-create-ls-or-java-agent="true" acl-entry-can-create-personal-agent="true" acl-entry-can-create-personal-folder="true" acl-entry-can-create-shared-folder="true" acl-entry-can-delete-documents="true" acl-entry-can-replicate-or-copy-documents="true" acl-entry-enable-role="[[ALL]]" acl-entry-level="MANAGER" acl-entry-public-reader="true" acl-entry-public-writer="true" acl-entry-user-type="PERSON" certify-user="true" class-name="Person" create-mail="true" dest-dn="CN=DaffyDuck/OU=sales/O=novell" drv-param-cert-id="sales-cert-id-file" drv-param-cert-pwd="sales-cert-id-password" event-id="MYSERVER-NDS#20040920214955#1#1" expire-term="2" mail-acl-manager-name="CN=Notes Driver/O=novell" qualified-src-dn="O=DirXML\OU=Notes\OU=Users\OU=sales\CN=DaffyDuck" src-dn="\mytree\DirXML\Notes\Users\sales\DaffyDuck" src-entry-id="39862"> <add-attr attr-name="FullName"> <value naming="true" timestamp="1095716982#20" type="string">DaffyDuck</value> </add-attr> <add-attr attr-name="LastName"> <value timestamp="1095716982#3" type="string">Duck</value> </add-attr> <add-attr attr-name="FirstName"> <value timestamp="1095716995#1" type="string">Daffy</value> </add-attr> <add-attr attr-name="InternetAddress"> <value>DaffyDuck@novell.com</value> </add-attr> </add> </input> </nds>

B.7.3 範例修改事件規則

以下的範例「修改事件」規則會將 ACLEntry 參數提交至 Notes 驅動程式 Shim：

<rule> <description>Apply ACL entry attributes to MODIFY events</description> <conditions> <or disabled="true"> <if-operation op="equal">modify</if-operation> </or> </conditions> <actions> <do-set-xml-attr expression="../modify" name="acl-entry-public-reader"> <arg-string> <token-text>true</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../modify" name="acl-entry-public-writer"> <arg-string> <token-text>true</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../modify" name="acl-entry-level"> <arg-string> <token-text>MANAGER</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../modify" name="acl-entry-user-type"> <arg-string> <token-text>PERSON</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../modify" name="acl-entry-enable-role"> <arg-string> <token-text>[[ALL]]</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../modify" name="acl-entry-disable-role"> <arg-string> <token-text xml:space="preserve">[NetCreator] [NetModifier]</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../modify" name="acl-entry-can-create-documents"> <arg-string> <token-text>true</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../modify" name="acl-entry-can-create-ls-or-java-agent"> <arg-string> <token-text>true</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../modify" name="acl-entry-can-create-personal-agent"> <arg-string> <token-text>true</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../modify" name="acl-entry-can-create-personal-folder"> <arg-string> <token-text>true</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../modify" name="acl-entry-can-create-shared-folder"> <arg-string> <token-text>true</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../modify" name="acl-entry-can-delete-documents"> <arg-string> <token-text>true</token-text> </arg-string> </do-set-xml-attr> <do-set-xml-attr expression="../modify" name="acl-entry-can-replicate-or-copy-documents"> <arg-string> <token-text>true</token-text> </arg-string> </do-set-xml-attr> </actions> </rule>

B.7.4 提交至 Notes 驅動程式 Shim 的修改事件

以下所顯示的「修改事件」包含提交至 Notes 驅動程式 Shim 的 ACLEntry 標籤。

<nds dtdversion="2.0" ndsversion="8.x"> <source> <product version="2.0.5.51 ">Identity Manager</product> <contact>Novell, Inc.</contact> </source> <input> <modify acl-entry-can-create-documents="true" acl-entry-can-create-ls-or-java-agent="true" acl-entry-can-create-personal-agent="true" acl-entry-can-create-personal-folder="true" acl-entry-can-create-shared-folder="true" acl-entry-can-delete-documents="true" acl-entry-can-replicate-or-copy-documents="true" acl-entry-disable-role="[NetCreator] [NetModifier]" acl-entry-enable-role="[[ALL]]" acl-entry-level="MANAGER" acl-entry-public-reader="true" acl-entry-public-writer="true" acl-entry-user-type="PERSON" class-name="Person" event-id="MYSERVER-NDS#20040920215410#1#1" qualified-src-dn="O=DirXML\OU=Notes\OU=Users\OU=sales\CN=DaffyDuck" src-dn="\mytree\DirXML\Notes\Users\sales\DaffyDuck" src-entry-id="39862" timestamp="1095717426#2"> <association state="associated">BE64D2CAAB6EADD987256F150077EF7B</association> <modify-attr attr-name="OfficePhoneNumber"> <remove-value> <value timestamp="1095717250#1" type="teleNumber">444-4444</value> </remove-value> <add-value> <value timestamp="1095717426#2" type="teleNumber">555-1212</value> </add-value> </modify-attr> </modify> </input> </nds>