This query may come in handy when debugging custom access control policies. It will show you all of the action-resource mappings associated with a given policy. To use, just pass in the policy name.
Note: Remember BecomeUser policies are unique in that they tend to not have explicit becomeUser action-resource mappings. This query is more useful for finding action mappings such as Execute.
select a.acaction_id, b.action, a.acrescgry_id, c.resclassname from ACRESACT a, ACACTION b, ACRESCGRY c
and a.acrescgry_id in
(select acrescgry_id from ACRESGPRES where acresgrp_id in
(select acresgrp_id from ACPOLICY where policyname='<policyname>'))
and a.acaction_id in
(select acaction_id from ACACTACTGP where acactgrp_id in
(select acactgrp_id from ACPOLICY where policyname='<policyname>'))