You can grant a group of identities write access to all documents in a domain.
<?xml version="1.0" encoding="UTF-8"?> <resource-lists xmlns="urn:ietf:params:xml:ns:resource-lists" <list name="ServicesForUSDomain"> <entry uri="sip:service1@us.example.com"/> <entry uri="sip:service2@us.example.com"/> </list> </resource-lists>
In order for SuperAdmin to provide write access to service IDs listed in the domain user list document, SuperAdmin must create an authorization policy document that complies with the IETF common policy specification. The authorization policy document must be similar to the following example, which references the external list ServicesForUSDomain that is defined in the domain user list document.
<?xml version="1.0" encoding="UTF-8"?> <ruleset xmlns="urn:ietf:params:xml:ns:common-policy" xmlns:oma="urn:oma:xml:xdm:common-policy"> <rule id="write"> <conditions> <oma:external-list> <oma:entry anc="http://xdms.example.com:9080/services/resource-lists/superadmin/domainUserList.xml/~~/resource-lists/list%5b@name=%22ServicesForUSDomain%22%5d" /> </oma:external-list> </conditions> <actions /> <transformations /> </rule> </ruleset>
The authorization policy document must be created with the XCAP URI to a special directory.xml within a special users XUI named domain:us.example.com with the access control list (ACL) AUID which is com.ibm.resource-lists-acls.http://xdms.example.com:9080/services/com.ibm.resource-lists-acls/users/domain:us.example.com/directory.xml
This defines the authorization policy document that grants write access to all service IDs ,within the domain user list document, to write to any document stored in any users directory that is under the domain us.example.com (including sub-domains) for the corresponding resource-lists AUID.
Before using the XDMS client and XCAP requests, make sure that you have JDK1.5.0 SR 5 installed and configured in your system path variables.
Create or edit an XDM policy document and post it to the XDMS.