diff options
author | Rob Crittenden <rcritten@redhat.com> | 2011-03-04 11:08:54 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-03-04 11:09:43 -0500 |
commit | 4d0e739345fe3039db16e0ee613431e1aa92cf02 (patch) | |
tree | 87fe8f94e7b7265cd12b8a78eca89cedb87ad160 /ipalib/plugins/permission.py | |
parent | c0ecdd1395e457592407c2d4d622a2758896d8ca (diff) | |
download | freeipa-4d0e739345fe3039db16e0ee613431e1aa92cf02.tar.gz freeipa-4d0e739345fe3039db16e0ee613431e1aa92cf02.tar.xz freeipa-4d0e739345fe3039db16e0ee613431e1aa92cf02.zip |
Fix style and grammatical issues in built-in command help.
There is a rather large API.txt change but it is only due to changes
in the doc string in parameters.
ticket 729
Diffstat (limited to 'ipalib/plugins/permission.py')
-rw-r--r-- | ipalib/plugins/permission.py | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index af25f8112..ac8b09b1d 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -26,7 +26,7 @@ user, modifying a group, etc. A permission may not contain other permissions. -* A permissions grants access to read, write, add or delete. +* A permission grants access to read, write, add or delete. * A privilege combines similar permissions (for example all the permissions needed to add a user). * A role grants a set of privileges to users, groups, hosts or hostgroups. @@ -35,9 +35,10 @@ A permission is made up of a number of different parts: 1. The name of the permission. 2. The target of the permission. -3. The permissions granted by the permission. +3. The rights granted by the permission. -The permissions define what operations are allowed and are one or more of: +Rights define what operations are allowed, and may be one or more +of the following: 1. write - write one or more attributes 2. read - read one or more attributes 3. add - add a new entry to the tree @@ -49,14 +50,14 @@ permission is not expected to be used very often. Note the distinction between attributes and entries. The permissions are independent, so being able to add a user does not mean that the user will -be editabe. +be editable. There are a number of allowed targets: 1. type: a type of object (user, group, etc). 2. memberof: a member of a group or hostgroup 3. filter: an LDAP filter 4. subtree: an LDAP filter specifying part of the LDAP DIT. This is a - super-set of the type option. + super-set of the "type" target. 5. targetgroup: grant access to modify a specific group (such as granting the rights to manage group membership) |