diff options
| author | Petr Viktorin <pviktori@redhat.com> | 2014-06-04 17:39:10 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2014-06-24 13:53:40 +0200 |
| commit | 820a60420da09dc52c7bd739d47b3bfad4da1b42 (patch) | |
| tree | 1443da3b8ebc95020748836c1d4e76b926c4ed06 /ACI.txt | |
| parent | f881f063647577b59f6d2d3a8d00225840498fe8 (diff) | |
| download | freeipa-820a60420da09dc52c7bd739d47b3bfad4da1b42.tar.gz freeipa-820a60420da09dc52c7bd739d47b3bfad4da1b42.tar.xz freeipa-820a60420da09dc52c7bd739d47b3bfad4da1b42.zip | |
Convert Role default permissions to managed
Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ACI.txt')
| -rw-r--r-- | ACI.txt | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -146,8 +146,16 @@ dn: cn=System: Read Group Password Policy,cn=permissions,cn=pbac,dc=ipa,dc=examp aci: (targetattr = "cn || cospriority || krbmaxpwdlife || krbminpwdlife || krbpwdfailurecountinterval || krbpwdhistorylength || krbpwdlockoutduration || krbpwdmaxfailure || krbpwdmindiffchars || krbpwdminlength || objectclass")(targetfilter = "(objectclass=krbpwdpolicy)")(version 3.0;acl "permission:System: Read Group Password Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Group Password Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=System: Read Realm Domains,cn=permissions,cn=pbac,dc=ipa,dc=example aci: (targetattr = "associateddomain || cn || objectclass")(targetfilter = "(objectclass=domainrelatedobject)")(version 3.0;acl "permission:System: Read Realm Domains";allow (compare,read,search) userdn = "ldap:///all";) +dn: cn=System: Add Roles,cn=permissions,cn=pbac,dc=ipa,dc=example +aci: (targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Add Roles";allow (add) groupdn = "ldap:///cn=System: Add Roles,cn=permissions,cn=pbac,dc=ipa,dc=example";) +dn: cn=System: Modify Role Membership,cn=permissions,cn=pbac,dc=ipa,dc=example +aci: (targetattr = "member")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Modify Role Membership";allow (write) groupdn = "ldap:///cn=System: Modify Role Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";) +dn: cn=System: Modify Roles,cn=permissions,cn=pbac,dc=ipa,dc=example +aci: (targetattr = "cn || description")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Modify Roles";allow (write) groupdn = "ldap:///cn=System: Modify Roles,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=System: Read Roles,cn=permissions,cn=pbac,dc=ipa,dc=example aci: (targetattr = "businesscategory || cn || description || member || memberhost || memberof || memberuser || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Read Roles";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Roles,cn=permissions,cn=pbac,dc=ipa,dc=example";) +dn: cn=System: Remove Roles,cn=permissions,cn=pbac,dc=ipa,dc=example +aci: (targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Remove Roles";allow (delete) groupdn = "ldap:///cn=System: Remove Roles,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=System: Read SELinux User Maps,cn=permissions,cn=pbac,dc=ipa,dc=example aci: (targetattr = "accesstime || cn || description || hostcategory || ipaenabledflag || ipaselinuxuser || ipauniqueid || member || memberhost || memberuser || objectclass || seealso || usercategory")(targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Read SELinux User Maps";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=System: Read Services,cn=permissions,cn=pbac,dc=ipa,dc=example |