The acl-entry-enable-role and acl-entry-disable-role tag values require a list of roles that are defined in the ACL record. They also accept the [[ALL]] tag, which selects all of the roles defined in the ACL record.
You can select all roles with the string acl-entry-enable-role="[[ALL]]". For names.nsf, this is equivalent to acl-entry-enable-role="[GroupCreator] [GroupModifier] [NetCreator] [NetModifier] [PolicyCreator] [PolicyModifier] [PolicyReader] [ServerCreator] [ServerModifier] [UserCreator] [UserModifier]".
You can deselect all roles with the string acl-entry-disable-role="[[ALL]]". For names.nsf, this is equivalent to acl-entry-disable-role="[GroupCreator] [GroupModifier] [NetCreator] [NetModifier] [PolicyCreator] [PolicyModifier] [PolicyReader] [ServerCreator] [ServerModifier] [UserCreator] [UserModifier]".
To view sample code for the ADD Event policy rule to submit ACLEntry parameters, see setsyncdbacladd.xml. You can use or modify the code sample for your own XML solutions.
Below is a sample showing the Add Event containing ACLEntry tags as they are submitted to the Notes Driver shim:
<nds dtdversion="2.0" ndsversion="8.x">
  <source>
    <product version="2.0.5.51 ">Identity Manager</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <add acl-entry-can-create-documents="true"
         acl-entry-can-create-ls-or-java-agent="true"
         acl-entry-can-create-personal-agent="true"
         acl-entry-can-create-personal-folder="true"
         acl-entry-can-create-shared-folder="true"
         acl-entry-can-delete-documents="true"
         acl-entry-can-replicate-or-copy-documents="true"
         acl-entry-enable-role="[[ALL]]"
         acl-entry-level="MANAGER"
         acl-entry-public-reader="true"
         acl-entry-public-writer="true"
         acl-entry-user-type="PERSON"
         certify-user="true"
         class-name="Person"
         create-mail="true"
         dest-dn="CN=DaffyDuck/OU=sales/O=novell"
         drv-param-cert-id="sales-cert-id-file"
         drv-param-cert-pwd="sales-cert-id-password"
         event-id="MYSERVER-NDS#20040920214955#1#1"
         expire-term="2"
         mail-acl-manager-name="CN=Notes Driver/O=novell"
         qualified-src-dn="O=DirXML\OU=Notes\OU=Users\OU=sales\CN=DaffyDuck"
         src-dn="\mytree\DirXML\Notes\Users\sales\DaffyDuck"
         src-entry-id="39862">
      <add-attr attr-name="FullName">
        <value naming="true" timestamp="1095716982#20" type="string">DaffyDuck</value>
      </add-attr>
      <add-attr attr-name="LastName">
        <value timestamp="1095716982#3" type="string">Duck</value>
      </add-attr>
      <add-attr attr-name="FirstName">
        <value timestamp="1095716995#1" type="string">Daffy</value>
      </add-attr>
      <add-attr attr-name="InternetAddress">
        <value>DaffyDuck@novell.com</value>
      </add-attr>
    </add>
  </input>
</nds>
Below is a sample Modify Event policy rule to submit ACLEntry parameters to the Notes Driver shim:
<rule>
  <description>Apply ACL entry attributes to MODIFY events</description>
  <conditions>
    <or disabled="true">
      <if-operation op="equal">modify</if-operation>
    </or>
  </conditions>
  <actions>
    <do-set-xml-attr expression="../modify" name="acl-entry-public-reader">
      <arg-string>
        <token-text>true</token-text>
      </arg-string>
    </do-set-xml-attr>
    <do-set-xml-attr expression="../modify" name="acl-entry-public-writer">
      <arg-string>
        <token-text>true</token-text>
      </arg-string>
    </do-set-xml-attr>
    <do-set-xml-attr expression="../modify" name="acl-entry-level">
      <arg-string>
        <token-text>MANAGER</token-text>
      </arg-string>
    </do-set-xml-attr>
    <do-set-xml-attr expression="../modify" name="acl-entry-user-type">
      <arg-string>
        <token-text>PERSON</token-text>
      </arg-string>
    </do-set-xml-attr>
    <do-set-xml-attr expression="../modify" name="acl-entry-enable-role">
      <arg-string>
        <token-text>[[ALL]]</token-text>
      </arg-string>
    </do-set-xml-attr>
    <do-set-xml-attr expression="../modify" name="acl-entry-disable-role">
      <arg-string>
        <token-text xml:space="preserve">[NetCreator] [NetModifier]</token-text>
      </arg-string>
    </do-set-xml-attr>
    <do-set-xml-attr expression="../modify" name="acl-entry-can-create-documents">
      <arg-string>
        <token-text>true</token-text>
      </arg-string>
    </do-set-xml-attr>
    <do-set-xml-attr expression="../modify" name="acl-entry-can-create-ls-or-java-agent">
      <arg-string>
        <token-text>true</token-text>
      </arg-string>
    </do-set-xml-attr>
    <do-set-xml-attr expression="../modify" name="acl-entry-can-create-personal-agent">
      <arg-string>
        <token-text>true</token-text>
      </arg-string>
    </do-set-xml-attr>
    <do-set-xml-attr expression="../modify" name="acl-entry-can-create-personal-folder">
      <arg-string>
        <token-text>true</token-text>
      </arg-string>
    </do-set-xml-attr>
    <do-set-xml-attr expression="../modify" name="acl-entry-can-create-shared-folder">
      <arg-string>
        <token-text>true</token-text>
      </arg-string>
    </do-set-xml-attr>
    <do-set-xml-attr expression="../modify" name="acl-entry-can-delete-documents">
      <arg-string>
        <token-text>true</token-text>
      </arg-string>
    </do-set-xml-attr>
    <do-set-xml-attr expression="../modify" name="acl-entry-can-replicate-or-copy-documents">
      <arg-string>
        <token-text>true</token-text>
      </arg-string>
    </do-set-xml-attr>
  </actions>
</rule>
Below is a sample showing the Modify Event containing ACLEntry tags as they are submitted to the Notes Driver shim:
<nds dtdversion="2.0" ndsversion="8.x">
  <source>
    <product version="2.0.5.51 ">Identity Manager</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <modify acl-entry-can-create-documents="true"
            acl-entry-can-create-ls-or-java-agent="true"
            acl-entry-can-create-personal-agent="true"
            acl-entry-can-create-personal-folder="true"
            acl-entry-can-create-shared-folder="true"
            acl-entry-can-delete-documents="true"
            acl-entry-can-replicate-or-copy-documents="true"
            acl-entry-disable-role="[NetCreator] [NetModifier]"
            acl-entry-enable-role="[[ALL]]"
            acl-entry-level="MANAGER"
            acl-entry-public-reader="true"
            acl-entry-public-writer="true"
            acl-entry-user-type="PERSON"
            class-name="Person"
            event-id="MYSERVER-NDS#20040920215410#1#1"
            qualified-src-dn="O=DirXML\OU=Notes\OU=Users\OU=sales\CN=DaffyDuck"
            src-dn="\mytree\DirXML\Notes\Users\sales\DaffyDuck"
            src-entry-id="39862"
            timestamp="1095717426#2">
      <association state="associated">BE64D2CAAB6EADD987256F150077EF7B</association>
      <modify-attr attr-name="OfficePhoneNumber">
        <remove-value>
          <value timestamp="1095717250#1" type="teleNumber">444-4444</value>
        </remove-value>
        <add-value>
          <value timestamp="1095717426#2" type="teleNumber">555-1212</value>
        </add-value>
      </modify-attr>
    </modify>
  </input>
</nds>
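The following Python script is an added example, not part of the original documentation or the driver. It reads an XDS document like the samples above, expands the role strings (including [[ALL]], using the names.nsf role list given earlier) and reports the ACL entry grants a reviewer would want to see before a policy rule goes live. The function names, the constructed sample event and the choice of which settings to flag are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# Expansion of [[ALL]] for names.nsf, as listed on this page.
NAMES_NSF_ROLES = ["GroupCreator", "GroupModifier", "NetCreator", "NetModifier",
                   "PolicyCreator", "PolicyModifier", "PolicyReader",
                   "ServerCreator", "ServerModifier", "UserCreator", "UserModifier"]

def expand_roles(value, all_roles=NAMES_NSF_ROLES):
    """Turn "[NetCreator] [NetModifier]" or "[[ALL]]" into a list of role names."""
    if "[[ALL]]" in value:
        return list(all_roles)
    return re.findall(r"\[([^\[\]]+)\]", value)

def audit_event(xds_text):
    """Return one report per <add>/<modify> event that carries acl-entry-* attributes."""
    reports = []
    for ev in ET.fromstring(xds_text).iterfind("./input/*"):
        acl = {k: v for k, v in ev.attrib.items() if k.startswith("acl-entry-")}
        if ev.tag not in ("add", "modify") or not acl:
            continue
        enable = expand_roles(acl.get("acl-entry-enable-role", ""))
        disable = expand_roles(acl.get("acl-entry-disable-role", ""))
        findings = []  # review criteria below are this example's assumption
        if acl.get("acl-entry-level") == "MANAGER":
            findings.append("level MANAGER")
        if set(enable) >= set(NAMES_NSF_ROLES):
            findings.append("all roles enabled")
        if acl.get("acl-entry-public-writer") == "true":
            findings.append("acl-entry-public-writer")
        reports.append({"op": ev.tag, "src_dn": ev.get("src-dn"),
                        "enable": enable, "disable": disable, "findings": findings})
    return reports

# Constructed sample input, modelled on the Modify Event shown on this page.
SAMPLE = r"""<nds dtdversion="2.0" ndsversion="8.x">
  <input>
    <modify acl-entry-disable-role="[NetCreator] [NetModifier]"
            acl-entry-enable-role="[[ALL]]"
            acl-entry-level="MANAGER"
            acl-entry-public-writer="true"
            class-name="Person"
            src-dn="\mytree\DirXML\Notes\Users\sales\DaffyDuck"/>
  </input>
</nds>"""

if __name__ == "__main__":
    for report in audit_event(SAMPLE):
        print(report["op"], report["src_dn"], report["findings"])
```
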