amDelegation.xml revision 603127ad9e2004044a470da2bff769a9cf4dc773
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<?xml version="1.0" encoding="ISO-8859-1"?>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<!--
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor The contents of this file are subject to the terms
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor of the Common Development and Distribution License
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor (the License). You may not use this file except in
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor compliance with the License.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor You can obtain a copy of the License at
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor https://opensso.dev.java.net/public/CDDLv1.0.html or
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor opensso/legal/CDDLv1.0.txt
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor See the License for the specific language governing
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor permission and limitations under the License.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor When distributing Covered Code, include this CDDL
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor Header Notice in each file and include the License file
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor at opensso/legal/CDDLv1.0.txt.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor If applicable, add the following below the CDDL Header,
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor with the fields enclosed by brackets [] replaced by
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor your own identifying information:
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor "Portions Copyrighted [year] [name of copyright owner]"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor $Id: amDelegation.xml,v 1.15 2009/12/21 22:02:42 veiming Exp $
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor Portions copyright 2014 ForgeRock AS.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor-->
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
48c64aeceef385e19025b384bd719b2a9789592dnd<!DOCTYPE ServicesConfiguration
48c64aeceef385e19025b384bd719b2a9789592dnd PUBLIC "=//iPlanet//Service Management Services (SMS) 1.0 DTD//EN"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor "jar://com/sun/identity/sm/sms.dtd">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<ServicesConfiguration>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Service name="sunAMDelegationService" version="1.0">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Schema
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor i18nFileName="amDelegation"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor revisionNumber="30"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor i18nKey="">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Global>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeSchema name="SubjectIdTypes"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor type="list"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor syntax="string"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor i18nKey="">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <DefaultValues>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>ROLE</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>GROUP</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>FILTEREDROLE</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </DefaultValues>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeSchema>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubSchema name="Permissions">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubSchema name="Permission" inheritance="multiple">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeSchema name="resource" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeSchema name="actions" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </SubSchema>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </SubSchema>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubSchema name="Privileges">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubSchema name="Privilege" inheritance="multiple">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeSchema name="listOfPermissions" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeSchema name="defaultSubjectInLegacyMode" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </SubSchema>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </SubSchema>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </Global>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Organization>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubSchema name="Permissions">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubSchema name="Permission" inheritance="multiple">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeSchema name="resource" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeSchema name="actions" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </SubSchema>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </SubSchema>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubSchema name="Privileges">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubSchema name="Privilege" inheritance="multiple">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeSchema name="listOfPermissions" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeSchema name="defaultSubjectInLegacyMode" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </SubSchema>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </SubSchema>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </Organization>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Policy>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeSchema name="READ"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor type="single"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor syntax="boolean"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor uitype="radio"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor i18nKey="READ">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <IsResourceNameAllowed/>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <BooleanValues>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <BooleanTrueValue i18nKey="allow">allow</BooleanTrueValue>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <BooleanFalseValue i18nKey="deny">deny</BooleanFalseValue>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </BooleanValues>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeSchema>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeSchema name="MODIFY"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor type="single"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor syntax="boolean"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor uitype="radio"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor i18nKey="MODIFY">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <IsResourceNameAllowed/>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <BooleanValues>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <BooleanTrueValue i18nKey="allow">allow</BooleanTrueValue>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <BooleanFalseValue i18nKey="deny">deny</BooleanFalseValue>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </BooleanValues>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeSchema>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeSchema name="DELEGATE"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor type="single"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor syntax="boolean"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor uitype="radio"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor i18nKey="DELEGATE">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <IsResourceNameAllowed/>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <BooleanValues>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <BooleanTrueValue i18nKey="allow">allow</BooleanTrueValue>
4ed26c413f67a5aae20b95909828f30bb5dc2286poirier <BooleanFalseValue i18nKey="deny">deny</BooleanFalseValue>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </BooleanValues>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeSchema>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </Policy>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <PluginInterface
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor name="DelegationInterface"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor interface= "com.sun.identity.delegation.interfaces.DelegationInterface"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor i18nKey="sun-am-delegation-interface-name" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </Schema>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <PluginSchema
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor name="DelegationPolicyImpl"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor interfaceName= "DelegationInterface"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor className= "com.sun.identity.delegation.plugins.DelegationPolicyImpl"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor i18nKey="sun-am-delegation-policyimpl-name" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Configuration>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <GlobalConfiguration>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubConfiguration name="Permissions">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubConfiguration name="RealmAdmin" id="Permission">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="resource" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>*REALM/*</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="actions" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>READ</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>MODIFY</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>DELEGATE</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </SubConfiguration>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubConfiguration name="PolicyAdmin" id="Permission">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="resource" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>*REALM/iPlanetAMPolicy*Service/*</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="actions" />
4ed26c413f67a5aae20b95909828f30bb5dc2286poirier <Value>READ</Value>
4ed26c413f67a5aae20b95909828f30bb5dc2286poirier <Value>MODIFY</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>DELEGATE</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </SubConfiguration>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubConfiguration name="RealmReadOnly" id="Permission">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="resource" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>*REALM/sunAMRealmService/*</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="actions" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>READ</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </SubConfiguration>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubConfiguration name="DatastoresReadOnly" id="Permission">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="resource" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>*REALM/sunIdentityRepositoryService/*</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="actions" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>READ</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </SubConfiguration>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubConfiguration name="LogWrite" id="Permission">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="resource" />
4ed26c413f67a5aae20b95909828f30bb5dc2286poirier <Value>*@SM_CONFIG_ROOT_SUFFIX@/iPlanetAMLoggingService/1.0/application/*</Value>
4ed26c413f67a5aae20b95909828f30bb5dc2286poirier </AttributeValuePair>
6d20aeba2c4aa0938bc6e0659d13adc7670ff421poirier <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="actions" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>MODIFY</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </SubConfiguration>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubConfiguration name="LogRead" id="Permission">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="resource" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>*@SM_CONFIG_ROOT_SUFFIX@/iPlanetAMLoggingService/1.0/application/*</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="actions" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>READ</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </SubConfiguration>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubConfiguration name="AgentsReadWrite" id="Permission">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="resource" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>*REALM/sunIdentityRepositoryService/1.0/application/agent*</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="actions" />
b41a0dbe6310c576e96b7ea6910051fd84fb06f5sf <Value>READ</Value>
b41a0dbe6310c576e96b7ea6910051fd84fb06f5sf <Value>MODIFY</Value>
b41a0dbe6310c576e96b7ea6910051fd84fb06f5sf <Value>DELEGATE</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </SubConfiguration>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubConfiguration name="SAML2Admin" id="Permission">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="resource" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>*REALM/sunFMSAML2MetadataService/*</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="actions" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>READ</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>MODIFY</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </SubConfiguration>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubConfiguration name="IDFFAdmin" id="Permission">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="resource" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>*REALM/sunFMIDFFMetadataService/*</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="actions" />
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>READ</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Value>MODIFY</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </SubConfiguration>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <SubConfiguration name="WSFederationAdmin" id="Permission">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <Attribute name="resource" />
50039065d571fe01fd458a3f031c995a1fd53c22rbowen <Value>*REALM/sunFMWSFederationMetadataService/*</Value>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </AttributeValuePair>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
<Value>MODIFY</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="COTAdmin" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>*REALM/sunFMCOTConfigService/*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
<Value>MODIFY</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="EntitlementAdmin" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>*REALM/sunEntitlementService/*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
<Value>MODIFY</Value>
<Value>DELEGATE</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="EntitlementRESTDecision" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>@SM_CONFIG_ROOT_SUFFIX@/sunEntitlementService/1.0/application/ws/1/entitlement/decision</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="EntitlementRESTDecisions" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>@SM_CONFIG_ROOT_SUFFIX@/sunEntitlementService/1.0/application/ws/1/entitlement/decisions</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="EntitlementRESTEntitlement" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>@SM_CONFIG_ROOT_SUFFIX@/sunEntitlementService/1.0/application/ws/1/entitlement/entitlement</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="EntitlementRESTEntitlements" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>@SM_CONFIG_ROOT_SUFFIX@/sunEntitlementService/1.0/application/ws/1/entitlement/entitlements</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="EntitlementRESTPrivilegeWrite" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>@SM_CONFIG_ROOT_SUFFIX@/sunEntitlementService/1.0/application/ws/1/entitlement/privilege*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
<Value>MODIFY</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="EntitlementRESTPrivilegeRead" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>@SM_CONFIG_ROOT_SUFFIX@/sunEntitlementService/1.0/application/ws/1/entitlement/privilege*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="RealmResourceRead" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>REALM/rest/1.0/realms/read</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="PolicyResourceRead" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>REALM/rest/1.0/policies/read</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="PolicyResourceModify" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>REALM/rest/1.0/policies/modify</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>MODIFY</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="PolicyResourceEvaluate" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>REALM/rest/1.0/policies/evaluate</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="ReferralsResourceRead" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>REALM/rest/1.0/referrals/read</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="ReferralsResourceModify" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>REALM/rest/1.0/referrals/modify</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>MODIFY</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="ApplicationResourceRead" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>REALM/rest/1.0/applications/read</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="ApplicationResourceModify" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>REALM/rest/1.0/applications/modify</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>MODIFY</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="ResourceTypeResourceRead" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>REALM/rest/1.0/resourcetypes/read</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="ResourceTypeResourceModify" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>REALM/rest/1.0/resourcetypes/modify</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>MODIFY</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="ApplicationTypesResourceRead" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>@SM_CONFIG_ROOT_SUFFIX@/rest/1.0/applicationtypes/read</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="ConditionTypesResourceRead" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>@SM_CONFIG_ROOT_SUFFIX@/rest/1.0/conditiontypes/read</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="SubjectTypesResourceRead" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>@SM_CONFIG_ROOT_SUFFIX@/rest/1.0/subjecttypes/read</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="SubjectAttributesResourceRead" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>@SM_CONFIG_ROOT_SUFFIX@/rest/1.0/subjectattributes/read</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="DecisionCombinersResourceRead" id="Permission">
<AttributeValuePair>
<Attribute name="resource" />
<Value>@SM_CONFIG_ROOT_SUFFIX@/rest/1.0/decisioncombiners/read</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="GlobalConfigRead" id="Permission">
<AttributeValuePair>
<Attribute name="resource"/>
<Value>@SM_CONFIG_ROOT_SUFFIX@/rest/1.0/global-config*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="actions"/>
<Value>READ</Value>
<Value>MODIFY</Value>
</AttributeValuePair>
</SubConfiguration>
</SubConfiguration>
<SubConfiguration name="Privileges">
<SubConfiguration name="RealmAdmin" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>RealmAdmin</Value>
<Value>GlobalConfigRead</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="defaultSubjectInLegacyMode" />
<Value>id=Organization Admin Role,ou=role,REALM,amsdkdn=cn=Organization Admin Role,REALM</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="LogAdmin" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>LogWrite</Value>
<Value>LogRead</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="LogRead" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>LogRead</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="LogWrite" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>LogWrite</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="AgentAdmin" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>RealmReadOnly</Value>
<Value>AgentsReadWrite</Value>
<Value>EntitlementRESTDecision</Value>
<Value>EntitlementRESTDecisions</Value>
<Value>EntitlementRESTEntitlement</Value>
<Value>EntitlementRESTEntitlements</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="FederationAdmin" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>COTAdmin</Value>
<Value>IDFFAdmin</Value>
<Value>SAML2Admin</Value>
<Value>WSFederationAdmin</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="RealmReadAccess" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>RealmResourceRead</Value>
<Value>RealmReadOnly</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="PolicyAdmin" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>PolicyAdmin</Value>
<Value>EntitlementAdmin</Value>
<Value>RealmReadOnly</Value>
<Value>RealmResourceRead</Value>
<Value>DatastoresReadOnly</Value>
<Value>PolicyResourceRead</Value>
<Value>PolicyResourceModify</Value>
<Value>ReferralsResourceRead</Value>
<Value>ReferralsResourceModify</Value>
<Value>ApplicationResourceRead</Value>
<Value>ApplicationResourceModify</Value>
<Value>ResourceTypeResourceRead</Value>
<Value>ResourceTypeResourceModify</Value>
<Value>ApplicationTypesResourceRead</Value>
<Value>SubjectTypesResourceRead</Value>
<Value>ConditionTypesResourceRead</Value>
<Value>DecisionCombinersResourceRead</Value>
<Value>SubjectAttributesResourceRead</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="defaultSubjectInLegacyMode" />
<Value>id=Organization Policy Admin Role,ou=role,REALM,amsdkdn=cn=Organization Policy Admin Role,REALM</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="EntitlementRestAccess" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>EntitlementRESTDecision</Value>
<Value>EntitlementRESTDecisions</Value>
<Value>EntitlementRESTEntitlement</Value>
<Value>EntitlementRESTEntitlements</Value>
<Value>PolicyResourceEvaluate</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="PrivilegeRestReadAccess" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>EntitlementRESTPrivilegeRead</Value>
<Value>PolicyResourceRead</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="PrivilegeRestAccess" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>EntitlementRESTPrivilegeWrite</Value>
<Value>PolicyResourceModify</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="ReferralsReadAccess" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>ReferralsResourceRead</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="ReferralsModifyAccess" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>ReferralsResourceModify</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="ApplicationReadAccess" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>ApplicationResourceRead</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="ApplicationModifyAccess" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>ApplicationResourceModify</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="ResourceTypeReadAccess" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>ResourceTypeResourceRead</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="ResourceTypeModifyAccess" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>ResourceTypeResourceModify</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="ApplicationTypesReadAccess" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>ApplicationTypesResourceRead</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="ConditionTypesReadAccess" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>ConditionTypesResourceRead</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="SubjectTypesReadAccess" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>SubjectTypesResourceRead</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="DecisionCombinersReadAccess" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>DecisionCombinersResourceRead</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="SubjectAttributesReadAccess" id="Privilege">
<AttributeValuePair>
<Attribute name="listOfPermissions" />
<Value>SubjectAttributesResourceRead</Value>
</AttributeValuePair>
</SubConfiguration>
</SubConfiguration>
</GlobalConfiguration>
<OrganizationConfiguration name="/">
<!-- Create empty organization configuration for
management of delegation policies -->
</OrganizationConfiguration>
</Configuration>
</Service>
</ServicesConfiguration>