authorPetr Viktorin <pviktori@redhat.com>2014-03-26 15:58:08 +0100
committerPetr Viktorin <pviktori@redhat.com>2014-04-14 10:57:37 +0200
commitc08f8d2f1e61e607a493980880a81120ad01a045 (patch)
treefdcfcb5cfaf0e2ba1f266b03361c77011f65a40c /ipalib
parentdb85ea32c185fee270ed900b2c60353b234454d8 (diff)
Add managed read permissions to host
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566 Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/plugins/host.py26
1 files changed, 26 insertions, 0 deletions
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 1e339acfc..9b5a39d89 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -252,6 +252,32 @@ class host(LDAPObject):
}
password_attributes = [('userpassword', 'has_password'),
('krbprincipalkey', 'has_keytab')]
+ managed_permissions = {
+ 'System: Read Hosts': {
+ 'replaces_global_anonymous_aci': True,
+ 'ipapermbindruletype': 'all',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'cn', 'description', 'fqdn', 'ipaclientversion',
+ 'ipakrbauthzdata', 'ipasshpubkey', 'ipauniqueid',
+ 'krbprincipalname', 'l', 'macaddress', 'nshardwareplatform',
+ 'nshostlocation', 'nsosversion', 'objectclass',
+ 'serverhostname', 'usercertificate', 'userclass',
+ 'enrolledby', 'managedby',
+ 'krbprincipalname', 'krbcanonicalname', 'krbprincipalaliases',
+ 'krbprincipalexpiration', 'krbpasswordexpiration',
+ 'krblastpwdchange',
+ },
+ },
+ 'System: Read Host Membership': {
+ 'replaces_global_anonymous_aci': True,
+ 'ipapermbindruletype': 'all',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'memberof',
+ },
+ },
+ }
label = _('Hosts')
label_singular = _('Host')
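Review bot: The `'System: Read Hosts'` entry carries no comment on how wide the grant is. With `'ipapermbindruletype': 'all'`, the default attribute set (which includes `nsosversion`, `nshardwareplatform`, `macaddress`, `krbpasswordexpiration` and `krblastpwdchange`) becomes readable by what I understand to be every authenticated principal, and sites that treat host inventory as sensitive will want that stated as the intended default. I would add a comment above `managed_permissions` such as `# Readable by all authenticated users; never add userpassword or krbprincipalkey here`, since those two are the secret attributes named in `password_attributes` just above and are correctly absent from the list. Separately, `'krbprincipalname'` appears twice in the set literal, the second time on the `krbcanonicalname` line; it is harmless in a set but the second occurrence should be dropped. The `host` class body starts and continues outside this hunk.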