Any ideas how to set ACL's via IDM?

I need to grant one specific object in my prod tree access the modify 3
attributes on all newly created accounts.
(This is in order to create GPAS accounts via IDM)

Thanks