authorPetr Viktorin <pviktori@redhat.com>2014-09-05 15:25:29 +0200
committerPetr Viktorin <pviktori@dhcp-31-13.brq.redhat.com>2014-09-05 15:40:13 +0200
commit68d656f80a483a57f5ed80b7ead03a071abb0ef0 (patch)
treefe6f2979a59b3209503799f1054e6bc8b796eed1 /ipaserver
parentc50dff22827cefbb0b0838bf7e9b1e3fcf8752c0 (diff)
downloadfreeipa-68d656f80a483a57f5ed80b7ead03a071abb0ef0.tar.gz
freeipa-68d656f80a483a57f5ed80b7ead03a071abb0ef0.tar.xz
freeipa-68d656f80a483a57f5ed80b7ead03a071abb0ef0.zip
Fix: Add managed read permissions for compat tree and operational attrs
This is a fix for an earlier version, which was committed by mistake as: master: 418ce870bfbe13cea694a7b862cafe35c703f660 ipa-4-0: 3e2c86aeabbd2e3c54ad73a40803ef2bf5b0cb17 ipa-4-1: 9bcd88589e30d31d3f533cd42d2f816ef01b07c7 Thanks to Alexander Bokovoy for contributions https://fedorahosted.org/freeipa/ticket/4521
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/plugins/update_managed_permissions.py18
1 files changed, 18 insertions, 0 deletions
diff --git a/ipaserver/install/plugins/update_managed_permissions.py b/ipaserver/install/plugins/update_managed_permissions.py
index 2051bd4a2..71da562a3 100644
--- a/ipaserver/install/plugins/update_managed_permissions.py
+++ b/ipaserver/install/plugins/update_managed_permissions.py
@@ -96,6 +96,24 @@ from ipaserver.install.plugins.baseupdate import PostUpdate
register = Registry()
NONOBJECT_PERMISSIONS = {
+ 'System: Read Timestamp and USN Operational Attributes': {
+ 'ipapermlocation': api.env.basedn,
+ 'ipapermtargetfilter': {'(objectclass=*)'},
+ 'ipapermbindruletype': 'anonymous',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'createtimestamp', 'modifytimestamp', 'entryusn',
+ },
+ },
+ 'System: Read Creator and Modifier Operational Attributes': {
+ 'ipapermlocation': api.env.basedn,
+ 'ipapermtargetfilter': {'(objectclass=*)'},
+ 'ipapermbindruletype': 'all',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'creatorsname', 'modifiersname',
+ },
+ },
'System: Read IPA Masters': {
'replaces_global_anonymous_aci': True,
'ipapermlocation': DN('cn=masters,cn=ipa,cn=etc', api.env.basedn),
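Review bot: The two entries added at the top of `NONOBJECT_PERMISSIONS` are scoped to `api.env.basedn` with the filter `'(objectclass=*)'`, and the first uses `'ipapermbindruletype': 'anonymous'`, but nothing in the hunk records that this tree-wide, unauthenticated scope is intended. Because the grant includes `search` and `compare` as well as `read`, it may let unauthenticated clients match on timestamps and `entryusn` for entries in subtrees that have no other anonymous access; whether that makes such entries visible depends on ACI evaluation in the directory server, which is not shown here. I would add a comment above the first entry such as `# NOTE: applies to every entry under basedn for anonymous binds; creator/modifier names below are limited to authenticated users ('all')`, and confirm the anonymous scope against the ticket. Unlike `'System: Read IPA Masters'`, neither new entry sets `'replaces_global_anonymous_aci'`; if that is deliberate, it is worth saying so in the same comment. The dictionary continues past the end of the hunk.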