Tuesday, December 17, 2013

OSB: wlsbjmsrpDataSource can be looked up only by an Admin or ALSBSystem user

The short way:
cd /opt/oracle/domains/osbdev1do/servers/osbdev1ms1/data/ldap/ldapfiles

less EmbeddedLDAP.data

Search for wlsbjmsrpDataSource.

You will find the policy:

<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
        PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Fjndi@G@M@Oapplication@E@M@Opath@E@VwlsbjmsrpDataSource@W"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
  <Description>Rol(ALSBSystem) | Rol(Admin)</Description>
  <Target>
    <Resources>
      <Resource>
        <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=&lt;jndi&gt;, application=, path={wlsbjmsrpDataSource}</AttributeValue>
          <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
        </ResourceMatch>
      </Resource>
    </Resources>
  </Target>
  <Rule RuleId="primary-rule" Effect="Permit">
    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ALSBSystem</AttributeValue>
          <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string"/>
        </Apply>
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Admin</AttributeValue>
          <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string"/>
        </Apply>
      </Apply>
    </Condition>
  </Rule>
  <Rule RuleId="deny-rule" Effect="Deny"></Rule>
</Policy>



So if you are using the GridLink monitoring application (http://www.oracle.com/technetwork/articles/gridlink-rac-488352.zip), make sure it runs with a technical ID that has the Admin or ALSBSystem role.
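
To audit which roles may look up a JNDI resource without paging through the file by hand, this added example (not from the original post and not Oracle code) pulls XACML policies out of the raw bytes of a copy of EmbeddedLDAP.data and lists the roles referenced by the Permit rule. It assumes the policies sit in the file as plain-text XML, as the less search above suggests; the function name, the PolicyId and the sample bytes are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

X = "{urn:oasis:names:tc:xacml:2.0:policy:schema:os}"
ROLE_ATTR = "urn:oasis:names:tc:xacml:2.0:subject:role"
POLICY_RE = re.compile(rb"<Policy\b.*?</Policy>", re.DOTALL)

def jndi_policies(data: bytes, jndi_name: str) -> list:
    """Return the XACML policies found in raw store bytes that target jndi_name."""
    results = []
    for blob in POLICY_RE.findall(data):
        try:
            policy = ET.fromstring(blob.decode("utf-8", "replace"))
        except ET.ParseError:
            continue  # truncated or non-XML match: skip rather than guess
        targets = [m.findtext(X + "AttributeValue", "") for m in policy.iter(X + "ResourceMatch")]
        if not any("type=<jndi>" in t and "path={%s}" % jndi_name in t for t in targets):
            continue
        permit, default_deny = set(), False
        for rule in policy.iter(X + "Rule"):
            if rule.get("Effect") == "Deny" and rule.find(X + "Condition") is None:
                default_deny = True  # unconditional catch-all deny rule
            if rule.get("Effect") != "Permit":
                continue
            # Assumes the OR-of-roles condition shape shown in the post.
            for apply in rule.iter(X + "Apply"):
                des = apply.find(X + "SubjectAttributeDesignator")
                val = apply.find(X + "AttributeValue")
                if des is not None and val is not None and des.get("AttributeId") == ROLE_ATTR:
                    permit.add(val.text)
        results.append({"id": policy.get("PolicyId"), "permit_roles": sorted(permit),
                        "default_deny": default_deny})
    return results

# Constructed sample: the post's policy (shortened PolicyId) between junk bytes.
ROLE_APPLY = ('<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">'
              '<AttributeValue>%s</AttributeValue>'
              '<SubjectAttributeDesignator AttributeId="' + ROLE_ATTR + '"/></Apply>')
SAMPLE = b"\x00\x17junk" + (
    '<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="sample-policy">'
    '<Target><Resources><Resource><ResourceMatch><AttributeValue>'
    'type=&lt;jndi&gt;, application=, path={wlsbjmsrpDataSource}</AttributeValue>'
    '</ResourceMatch></Resource></Resources></Target><Rule RuleId="primary-rule" Effect="Permit">'
    '<Condition><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">'
    + ROLE_APPLY % "ALSBSystem" + ROLE_APPLY % "Admin" +
    '</Apply></Condition></Rule><Rule RuleId="deny-rule" Effect="Deny"></Rule></Policy>'
).encode() + b"\xff\x00"

if __name__ == "__main__":
    print(jndi_policies(SAMPLE, "wlsbjmsrpDataSource"))
```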
