<!--
  Delegation policy "ORGID^^RealmAdmin" (active, not a referral policy).

  Rule: for service sunAMDelegationService, allows MODIFY, DELEGATE and READ
  on the resource pattern sms://*ORGSUFFIX/*. The trailing /* leaves the
  service part of the resource unrestricted, so this is the broadest grant
  in this template.

  Subject: one inclusive AMIdentitySubject whose value names the
  "Organization Admin Role" under ORGSUFFIX.

  NOTE(review): ORGID and ORGSUFFIX look like placeholders that are
  substituted when the template is instantiated for an organization. Confirm
  against the code that loads this file, and confirm that the substituted
  values cannot contain XML or DN metacharacters.
  NOTE(review): because DELEGATE is allowed on the whole pattern, membership
  of the named role should be treated as full administrative control of the
  matched resources. Audit changes to that role's membership accordingly.
  NOTE(review): the * before ORGSUFFIX presumably widens the match to
  anything ending in the suffix (for example sub-organizations). Verify the
  wildcard semantics of the delegation resource matcher.
-->
<Policy name="ORGID^^RealmAdmin" referralPolicy="false" active="true" >
<Rule name="delegation-rule">
<ServiceName name="sunAMDelegationService" />
<ResourceName name="sms://*ORGSUFFIX/*" />
<AttributeValuePair>
<Attribute name="MODIFY" />
<Value>allow</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="DELEGATE" />
<Value>allow</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="READ" />
<Value>allow</Value>
</AttributeValuePair>
</Rule>
<Subjects name="Subjects" description="">
<Subject name="delegation-subject" type="AMIdentitySubject" includeType="inclusive">
<AttributeValuePair>
<Attribute name="Values"/>
<Value>id=Organization Admin Role,ou=role,ORGSUFFIX,amsdkdn=cn=Organization Admin Role,ORGSUFFIX</Value>
</AttributeValuePair>
</Subject>
</Subjects>
</Policy>
<!--
  Delegation policy "ORGID^^PolicyAdmin" (active, not a referral policy).

  Rule: for service sunAMDelegationService, allows MODIFY, DELEGATE and READ
  on the resource pattern sms://*ORGSUFFIX/iPlanetAMPolicy*Service/*.

  Subject: one inclusive AMIdentitySubject whose value names the
  "Organization Policy Admin Role" under ORGSUFFIX.

  NOTE(review): the pattern iPlanetAMPolicy*Service contains a wildcard in
  the service name, so the grant is not limited to a single service. It
  presumably covers every service whose name starts with iPlanetAMPolicy and
  ends with Service. Confirm which services that matches in the deployment
  and that none of them should be outside a policy administrator's reach.
  NOTE(review): DELEGATE is allowed here as well, so holders of this role
  can presumably pass these privileges on. Confirm that this is intended.
  NOTE(review): ORGID and ORGSUFFIX look like placeholders that are
  substituted when the template is instantiated. Confirm against the loader.
-->
<Policy name="ORGID^^PolicyAdmin" referralPolicy="false" active="true" >
<Rule name="delegation-rule">
<ServiceName name="sunAMDelegationService" />
<ResourceName name="sms://*ORGSUFFIX/iPlanetAMPolicy*Service/*" />
<AttributeValuePair>
<Attribute name="MODIFY" />
<Value>allow</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="DELEGATE" />
<Value>allow</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="READ" />
<Value>allow</Value>
</AttributeValuePair>
</Rule>
<Subjects name="Subjects" description="">
<Subject name="delegation-subject" type="AMIdentitySubject" includeType="inclusive">
<AttributeValuePair>
<Attribute name="Values"/>
<Value>id=Organization Policy Admin Role,ou=role,ORGSUFFIX,amsdkdn=cn=Organization Policy Admin Role,ORGSUFFIX</Value>
</AttributeValuePair>
</Subject>
</Subjects>
</Policy>
<!--
  Delegation policy "ORGID^^RealmReadOnly" (active, not a referral policy).

  Rule: for service sunAMDelegationService, allows READ only on the resource
  pattern sms://*ORGSUFFIX/sunAMRealmService/*. No MODIFY or DELEGATE entry
  is present in this rule.

  Subject: one inclusive AMIdentitySubject whose value names the
  "Organization Policy Admin Role" under ORGSUFFIX.

  NOTE(review): the subject is the policy admin role rather than a dedicated
  read-only role. Presumably this gives policy administrators read access to
  realm configuration. Confirm that the binding is intentional.
  NOTE(review): ORGID and ORGSUFFIX look like placeholders that are
  substituted when the template is instantiated. Confirm against the loader.
-->
<Policy name="ORGID^^RealmReadOnly" referralPolicy="false" active="true" >
<Rule name="delegation-rule">
<ServiceName name="sunAMDelegationService" />
<ResourceName name="sms://*ORGSUFFIX/sunAMRealmService/*" />
<AttributeValuePair>
<Attribute name="READ" />
<Value>allow</Value>
</AttributeValuePair>
</Rule>
<Subjects name="Subjects" description="">
<Subject name="delegation-subject" type="AMIdentitySubject" includeType="inclusive">
<AttributeValuePair>
<Attribute name="Values"/>
<Value>id=Organization Policy Admin Role,ou=role,ORGSUFFIX,amsdkdn=cn=Organization Policy Admin Role,ORGSUFFIX</Value>
</AttributeValuePair>
</Subject>
</Subjects>
</Policy>
<!--
  Delegation policy "ORGID^^DatastoresReadOnly" (active, not a referral
  policy).

  Rule: for service sunAMDelegationService, allows READ only on the resource
  pattern sms://*ORGSUFFIX/sunIdentityRepositoryService/*. No MODIFY or
  DELEGATE entry is present in this rule.

  Subject: one inclusive AMIdentitySubject whose value names the
  "Organization Policy Admin Role" under ORGSUFFIX.

  NOTE(review): identity repository (data store) configuration may hold
  connection settings. Verify whether READ on this resource exposes stored
  bind credentials or other secrets to members of the policy admin role.
  NOTE(review): the subject is the policy admin role rather than a dedicated
  read-only role. Confirm that the binding is intentional.
  NOTE(review): ORGID and ORGSUFFIX look like placeholders that are
  substituted when the template is instantiated. Confirm against the loader.
-->
<Policy name="ORGID^^DatastoresReadOnly" referralPolicy="false" active="true" >
<Rule name="delegation-rule">
<ServiceName name="sunAMDelegationService" />
<ResourceName name="sms://*ORGSUFFIX/sunIdentityRepositoryService/*" />
<AttributeValuePair>
<Attribute name="READ" />
<Value>allow</Value>
</AttributeValuePair>
</Rule>
<Subjects name="Subjects" description="">
<Subject name="delegation-subject" type="AMIdentitySubject" includeType="inclusive">
<AttributeValuePair>
<Attribute name="Values"/>
<Value>id=Organization Policy Admin Role,ou=role,ORGSUFFIX,amsdkdn=cn=Organization Policy Admin Role,ORGSUFFIX</Value>
</AttributeValuePair>
</Subject>
</Subjects>
</Policy>
