From 9d0dc89b03d4e3f50d54d1189a119016b2c805c3 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Tue, 11 Jan 2011 20:31:09 +0700
Subject: Renamed hbac to hbacrule.

All references to hbac in the UI have been replaced with hbacrule.
This is to match the hbacrule plugin. The test data and templates
have been renamed as well.
---
 install/static/Makefile.am                         |   2 +-
 install/static/hbac.js                             | 984 ---------------------
 install/static/hbacrule.js                         | 984 +++++++++++++++++++++
 install/static/index.html                          |   2 +-
 install/static/layouts/default/Makefile.am         |  12 +-
 .../layouts/default/hbac-details-accesstime.html   |  49 -
 .../layouts/default/hbac-details-general.html      |  57 --
 .../static/layouts/default/hbac-details-host.html  |  78 --
 .../layouts/default/hbac-details-service.html      |  78 --
 .../layouts/default/hbac-details-sourcehost.html   |  78 --
 .../static/layouts/default/hbac-details-user.html  |  78 --
 .../default/hbacrule-details-accesstime.html       |  49 +
 .../layouts/default/hbacrule-details-general.html  |  57 ++
 .../layouts/default/hbacrule-details-host.html     |  78 ++
 .../layouts/default/hbacrule-details-service.html  |  78 ++
 .../default/hbacrule-details-sourcehost.html       |  78 ++
 .../layouts/default/hbacrule-details-user.html     |  78 ++
 install/static/test/data/hbac_add.json             |  27 -
 install/static/test/data/hbac_add_accesstime.json  |   7 -
 install/static/test/data/hbac_add_host.json        |  56 --
 install/static/test/data/hbac_add_service.json     |  56 --
 install/static/test/data/hbac_add_sourcehost.json  |  56 --
 install/static/test/data/hbac_add_user.json        |  56 --
 install/static/test/data/hbac_del.json             |   9 -
 install/static/test/data/hbac_find.json            |  54 --
 install/static/test/data/hbac_mod.json             |  60 --
 .../static/test/data/hbac_remove_accesstime.json   |   7 -
 install/static/test/data/hbac_remove_host.json     |  50 --
 install/static/test/data/hbac_remove_service.json  |  49 -
 .../static/test/data/hbac_remove_sourcehost.json   |  50 --
 install/static/test/data/hbac_remove_user.json     |  48 -
 install/static/test/data/hbac_show.json            |  76 --
 install/static/test/data/hbacrule_add.json         |  27 +
 .../static/test/data/hbacrule_add_accesstime.json  |   7 +
 install/static/test/data/hbacrule_add_host.json    |  56 ++
 install/static/test/data/hbacrule_add_service.json |  56 ++
 .../static/test/data/hbacrule_add_sourcehost.json  |  56 ++
 install/static/test/data/hbacrule_add_user.json    |  56 ++
 install/static/test/data/hbacrule_del.json         |   9 +
 install/static/test/data/hbacrule_find.json        |  54 ++
 install/static/test/data/hbacrule_mod.json         |  60 ++
 .../test/data/hbacrule_remove_accesstime.json      |   7 +
 install/static/test/data/hbacrule_remove_host.json |  50 ++
 .../static/test/data/hbacrule_remove_service.json  |  49 +
 .../test/data/hbacrule_remove_sourcehost.json      |  50 ++
 install/static/test/data/hbacrule_remove_user.json |  48 +
 install/static/test/data/hbacrule_show.json        |  76 ++
 install/static/test/data/ipa_init.json             |   8 +-
 install/static/webui.js                            |   2 +-
 49 files changed, 2076 insertions(+), 2076 deletions(-)
 delete mode 100755 install/static/hbac.js
 create mode 100755 install/static/hbacrule.js
 delete mode 100755 install/static/layouts/default/hbac-details-accesstime.html
 delete mode 100755 install/static/layouts/default/hbac-details-general.html
 delete mode 100755 install/static/layouts/default/hbac-details-host.html
 delete mode 100755 install/static/layouts/default/hbac-details-service.html
 delete mode 100755 install/static/layouts/default/hbac-details-sourcehost.html
 delete mode 100755 install/static/layouts/default/hbac-details-user.html
 create mode 100755 install/static/layouts/default/hbacrule-details-accesstime.html
 create mode 100755 install/static/layouts/default/hbacrule-details-general.html
 create mode 100755 install/static/layouts/default/hbacrule-details-host.html
 create mode 100755 install/static/layouts/default/hbacrule-details-service.html
 create mode 100755 install/static/layouts/default/hbacrule-details-sourcehost.html
 create mode 100755 install/static/layouts/default/hbacrule-details-user.html
 delete mode 100644 install/static/test/data/hbac_add.json
 delete mode 100644 install/static/test/data/hbac_add_accesstime.json
 delete mode 100644 install/static/test/data/hbac_add_host.json
 delete mode 100644 install/static/test/data/hbac_add_service.json
 delete mode 100644 install/static/test/data/hbac_add_sourcehost.json
 delete mode 100644 install/static/test/data/hbac_add_user.json
 delete mode 100644 install/static/test/data/hbac_del.json
 delete mode 100644 install/static/test/data/hbac_find.json
 delete mode 100644 install/static/test/data/hbac_mod.json
 delete mode 100644 install/static/test/data/hbac_remove_accesstime.json
 delete mode 100644 install/static/test/data/hbac_remove_host.json
 delete mode 100644 install/static/test/data/hbac_remove_service.json
 delete mode 100644 install/static/test/data/hbac_remove_sourcehost.json
 delete mode 100644 install/static/test/data/hbac_remove_user.json
 delete mode 100644 install/static/test/data/hbac_show.json
 create mode 100644 install/static/test/data/hbacrule_add.json
 create mode 100644 install/static/test/data/hbacrule_add_accesstime.json
 create mode 100644 install/static/test/data/hbacrule_add_host.json
 create mode 100644 install/static/test/data/hbacrule_add_service.json
 create mode 100644 install/static/test/data/hbacrule_add_sourcehost.json
 create mode 100644 install/static/test/data/hbacrule_add_user.json
 create mode 100644 install/static/test/data/hbacrule_del.json
 create mode 100644 install/static/test/data/hbacrule_find.json
 create mode 100644 install/static/test/data/hbacrule_mod.json
 create mode 100644 install/static/test/data/hbacrule_remove_accesstime.json
 create mode 100644 install/static/test/data/hbacrule_remove_host.json
 create mode 100644 install/static/test/data/hbacrule_remove_service.json
 create mode 100644 install/static/test/data/hbacrule_remove_sourcehost.json
 create mode 100644 install/static/test/data/hbacrule_remove_user.json
 create mode 100644 install/static/test/data/hbacrule_show.json

diff --git a/install/static/Makefile.am b/install/static/Makefile.am
index 5c88d7800..a539eb8bc 100644
--- a/install/static/Makefile.am
+++ b/install/static/Makefile.am
@@ -21,7 +21,7 @@ app_DATA =                              \
 	jquery-ui.css			\
 	certificate.js 			\
 	group.js 			\
-	hbac.js 			\
+	hbacrule.js 			\
 	hbacsvc.js 			\
 	hbacsvcgroup.js 		\
 	host.js 			\
diff --git a/install/static/hbac.js b/install/static/hbac.js
deleted file mode 100755
index 264b7c5ae..000000000
--- a/install/static/hbac.js
+++ /dev/null
@@ -1,984 +0,0 @@
-/*  Authors:
- *    Endi Sukma Dewata <edewata@redhat.com>
- *
- * Copyright (C) 2010 Red Hat
- * see file 'COPYING' for use and warranty information
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-/* REQUIRES: ipa.js, details.js, search.js, add.js, entity.js */
-
-function ipa_hbac() {
-
-    var that = ipa_entity({
-        'name': 'hbac'
-    });
-
-    that.init = function() {
-
-        var dialog = ipa_hbac_add_dialog({
-            'name': 'add',
-            'title': 'Add New Rule'
-        });
-        that.add_dialog(dialog);
-        dialog.init();
-
-        var facet = ipa_hbac_search_facet({
-            'name': 'search',
-            'label': 'Search'
-        });
-        that.add_facet(facet);
-
-        facet = ipa_hbac_details_facet({
-            'name': 'details',
-            'label': 'Details'
-        });
-        that.add_facet(facet);
-
-        that.entity_init();
-    };
-
-    return that;
-}
-
-IPA.add_entity(ipa_hbac());
-
-function ipa_hbac_add_dialog(spec) {
-
-    spec = spec || {};
-
-    var that = ipa_add_dialog(spec);
-
-    that.init = function() {
-
-        that.add_field(ipa_text_widget({
-            'name': 'cn',
-            'undo': false
-        }));
-
-        that.add_field(ipa_radio_widget({
-            'name': 'accessruletype',
-            'options': [
-                { 'value': 'allow', 'label': 'Allow' },
-                { 'value': 'deny', 'label': 'Deny' }
-            ],
-            'undo': false
-        }));
-
-        that.add_dialog_init();
-    };
-
-    return that;
-}
-
-function ipa_hbac_search_facet(spec) {
-
-    spec = spec || {};
-
-    var that = ipa_search_facet(spec);
-
-    that.init = function() {
-
-        that.create_column({name:'cn'});
-        that.create_column({name:'usercategory'});
-        that.create_column({name:'hostcategory'});
-        that.create_column({name:'ipaenabledflag'});
-        that.create_column({name:'servicecategory'});
-        that.create_column({name:'sourcehostcategory'});
-
-        that.search_facet_init();
-    };
-
-    that.create = function(container) {
-
-/*
-        // Not yet implemented
-
-        var left_buttons = $('<span/>', {
-            'style': 'float: left;'
-        }).appendTo(container);
-
-        left_buttons.append(ipa_button({
-            'label': 'Troubleshoot Rules'
-        }));
-
-        left_buttons.append(ipa_button({
-            'label': 'Cull Disabled Rules'
-        }));
-*/
-
-        that.search_facet_create(container);
-
-    };
-
-    return that;
-}
-
-function ipa_hbac_details_facet(spec) {
-
-    spec = spec || {};
-
-    var that = ipa_details_facet(spec);
-
-    that.init = function() {
-
-        var section;
-
-        if (IPA.layout) {
-            section = that.create_section({
-                'name': 'general',
-                'label': 'General',
-                'template': 'hbac-details-general.html #contents'
-            });
-
-        } else {
-            section = ipa_hbac_details_general_section({
-                'name': 'general',
-                'label': 'General'
-            });
-            that.add_section(section);
-        }
-
-        section.create_text({ 'name': 'cn', 'label': 'Name', 'read_only': true });
-        section.create_radio({ 'name': 'accessruletype', 'label': 'Rule Type' });
-        section.create_textarea({ 'name': 'description', 'label': 'Description' });
-        section.create_radio({ 'name': 'ipaenabledflag', 'label': 'Enabled' });
-
-        if (IPA.layout) {
-            section = that.create_section({
-                'name': 'user',
-                'label': 'Who',
-                'template': 'hbac-details-user.html #contents'
-            });
-
-        } else {
-            section = ipa_rule_details_section({
-                'name': 'user',
-                'label': 'Who',
-                'text': 'Rule applies when access is requested by:',
-                'field_name': 'usercategory',
-                'options': [
-                    { 'value': 'all', 'label': 'Anyone' },
-                    { 'value': '', 'label': 'Specified Users and Groups' }
-                ],
-                'tables': [
-                    { 'field_name': 'memberuser_user' },
-                    { 'field_name': 'memberuser_group' }
-                ]
-            });
-            that.add_section(section);
-        }
-
-        var category = section.create_radio({ name: 'usercategory', label: 'User category' });
-        section.add_field(ipa_rule_association_table_widget({
-            'id': that.entity_name+'-memberuser_user',
-            'name': 'memberuser_user', 'label': 'Users', 'category': category,
-            'other_entity': 'user', 'add_method': 'add_user', 'remove_method': 'remove_user'
-        }));
-        section.add_field(ipa_rule_association_table_widget({
-            'id': that.entity_name+'-memberuser_group',
-            'name': 'memberuser_group', 'label': 'Groups', 'category': category,
-            'other_entity': 'group', 'add_method': 'add_user', 'remove_method': 'remove_user'
-        }));
-
-        if (IPA.layout) {
-            section = that.create_section({
-                'name': 'host',
-                'label': 'Accessing',
-                'template': 'hbac-details-host.html #contents'
-            });
-
-        } else {
-            section = ipa_rule_details_section({
-                'name': 'host',
-                'label': 'Accessing',
-                'text': 'Rule applies when access is requested to:',
-                'field_name': 'hostcategory',
-                'options': [
-                    { 'value': 'all', 'label': 'Any Host' },
-                    { 'value': '', 'label': 'Specified Hosts and Groups' }
-                ],
-                'tables': [
-                    { 'field_name': 'memberhost_host' },
-                    { 'field_name': 'memberhost_hostgroup' }
-                ]
-            });
-            that.add_section(section);
-        }
-
-        category = section.create_radio({ 'name': 'hostcategory', 'label': 'Host category' });
-        section.add_field(ipa_rule_association_table_widget({
-            'id': that.entity_name+'-memberhost_host',
-            'name': 'memberhost_host', 'label': 'Hosts', 'category': category,
-            'other_entity': 'host', 'add_method': 'add_host', 'remove_method': 'remove_host'
-        }));
-        section.add_field(ipa_rule_association_table_widget({
-            'id': that.entity_name+'-memberhost_hostgroup',
-            'name': 'memberhost_hostgroup', 'label': 'Host Groups', 'category': category,
-            'other_entity': 'hostgroup', 'add_method': 'add_host', 'remove_method': 'remove_host'
-        }));
-
-        if (IPA.layout) {
-            section = that.create_section({
-                'name': 'service',
-                'label': 'Via Service',
-                'template': 'hbac-details-service.html #contents'
-            });
-
-        } else {
-            section = ipa_rule_details_section({
-                'name': 'service',
-                'label': 'Via Service',
-                'text': 'Rule applies when access is requested via:',
-                'field_name': 'servicecategory',
-                'options': [
-                    { 'value': 'all', 'label': 'Any Service' },
-                    { 'value': '', 'label': 'Specified Services and Groups' }
-                ],
-                'tables': [
-                    { 'field_name': 'memberservice_hbacsvc' },
-                    { 'field_name': 'memberservice_hbacsvcgroup' }
-                ]
-            });
-            that.add_section(section);
-        }
-
-        category = section.create_radio({ 'name': 'servicecategory', 'label': 'Service category' });
-        section.add_field(ipa_rule_association_table_widget({
-            'id': that.entity_name+'-memberservice_hbacsvc',
-            'name': 'memberservice_hbacsvc', 'label': 'Services', 'category': category,
-            'other_entity': 'hbacsvc', 'add_method': 'add_service', 'remove_method': 'remove_service'
-        }));
-        section.add_field(ipa_rule_association_table_widget({
-            'id': that.entity_name+'-memberservice_hbacsvcgroup',
-            'name': 'memberservice_hbacsvcgroup', 'label': 'Service Groups', 'category': category,
-            'other_entity': 'hbacsvcgroup', 'add_method': 'add_service', 'remove_method': 'remove_service'
-        }));
-
-        if (IPA.layout) {
-            section = that.create_section({
-                'name': 'sourcehost',
-                'label': 'From',
-                'template': 'hbac-details-sourcehost.html #contents'
-            });
-
-        } else {
-            section = ipa_rule_details_section({
-                'name': 'sourcehost',
-                'label': 'From',
-                'text': 'Rule applies when access is being initiated from:',
-                'field_name': 'sourcehostcategory',
-                'options': [
-                    { 'value': 'all', 'label': 'Any Host' },
-                    { 'value': '', 'label': 'Specified Hosts and Groups' }
-                ],
-                'tables': [
-                    { 'field_name': 'sourcehost_host' },
-                    { 'field_name': 'sourcehost_hostgroup' }
-                ]
-            });
-            that.add_section(section);
-        }
-
-        category = section.create_radio({ 'name': 'sourcehostcategory', 'label': 'Source host category' });
-        section.add_field(ipa_rule_association_table_widget({
-            'id': that.entity_name+'-sourcehost_host',
-            'name': 'sourcehost_host', 'label': 'Host', 'category': category,
-            'other_entity': 'host', 'add_method': 'add_sourcehost', 'remove_method': 'remove_sourcehost'
-        }));
-        section.add_field(ipa_rule_association_table_widget({
-            'id': that.entity_name+'-sourcehost_hostgroup',
-            'name': 'sourcehost_hostgroup', 'label': 'Host Groups', 'category': category,
-            'other_entity': 'hostgroup', 'add_method': 'add_sourcehost', 'remove_method': 'remove_sourcehost'
-        }));
-/*
-        if (IPA.layout) {
-            section = that.create_section({
-                'name': 'accesstime',
-                'label': 'When',
-                'template': 'hbac-details-accesstime.html #contents'
-            });
-
-        } else {
-            section = that.create_section({
-                'name': 'accesstime',
-                'label': 'When'
-            });
-        }
-
-        section.add_field(ipa_hbac_accesstime_widget({
-            'id': 'accesstime',
-            'name': 'accesstime', 'label': 'Access Time',
-            'text': 'Rule applies when access is being requested at:',
-            'options': [
-                { 'value': 'all', 'label': 'Any Time' },
-                { 'value': '', 'label': 'Specified Times' }
-            ]
-        }));
-*/
-        that.details_facet_init();
-    };
-
-    that.update = function() {
-
-        var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';
-
-        var modify_operation = {
-            'execute': false,
-            'command': ipa_command({
-                'method': that.entity_name+'_mod',
-                'args': [pkey],
-                'options': {'all': true, 'rights': true}
-            })
-        };
-
-        var remove_accesstime = {
-            'template': ipa_command({
-                'method': that.entity_name+'_remove_accesstime',
-                'args': [pkey],
-                'options': {'all': true, 'rights': true}
-            }),
-            'commands': []
-        };
-
-        var categories = {
-            'usercategory': {
-                'remove_values': false
-            },
-            'hostcategory': {
-                'remove_values': false
-            },
-            'servicecategory': {
-                'remove_values': false
-            },
-            'sourcehostcategory': {
-                'remove_values': false
-            }
-        };
-
-        var member_operations = {
-            'memberuser': {
-                'category': 'usercategory',
-                'has_values': false,
-                'command': ipa_command({
-                    'method': that.entity_name+'_remove_user',
-                    'args': [pkey],
-                    'options': {'all': true, 'rights': true}
-                })
-            },
-            'memberhost': {
-                'category': 'hostcategory',
-                'has_values': false,
-                'command': ipa_command({
-                    'method': that.entity_name+'_remove_host',
-                    'args': [pkey],
-                    'options': {'all': true, 'rights': true}
-                })
-            },
-            'memberservice': {
-                'category': 'servicecategory',
-                'has_values': false,
-                'command': ipa_command({
-                    'method': that.entity_name+'_remove_service',
-                    'args': [pkey],
-                    'options': {'all': true, 'rights': true}
-                })
-            },
-            'sourcehost': {
-                'category': 'sourcehostcategory',
-                'has_values': false,
-                'command': ipa_command({
-                    'method': that.entity_name+'_remove_sourcehost',
-                    'args': [pkey],
-                    'options': {'all': true, 'rights': true}
-                })
-            }
-        };
-
-        var enable_operation = {
-            'execute': false,
-            'command': ipa_command({
-                'method': that.entity_name+'_enable',
-                'args': [pkey],
-                'options': {'all': true, 'rights': true}
-            })
-        };
-
-        for (var i=0; i<that.sections.length; i++) {
-            var section = that.sections[i];
-
-            var div = $('#'+that.entity_name+'-'+that.name+'-'+section.name, that.container);
-
-            for (var j=0; j<section.fields.length; j++) {
-                var field = section.fields[j];
-
-                var span = $('span[name='+field.name+']', div).first();
-                var values = field.save();
-                if (!values) continue;
-
-                var param_info = ipa_get_param_info(that.entity_name, field.name);
-
-                // skip primary key
-                if (param_info && param_info['primary_key']) continue;
-
-                var p = field.name.indexOf('_');
-                if (p >= 0) {
-                    // prepare command to remove members if needed
-                    var attribute = field.name.substring(0, p);
-                    var other_entity = field.name.substring(p+1);
-
-                    if (values.length) {
-                        member_operations[attribute].command.set_option(other_entity, values.join(','));
-                        member_operations[attribute].has_values = true;
-                    }
-                    continue;
-                }
-
-                // skip unchanged field
-                if (!field.is_dirty(span)) continue;
-
-                // check enable/disable
-                if (field.name == 'ipaenabledflag') {
-                    if (values[0] == 'FALSE') enable_operation.command.method = that.entity_name+'_disable';
-                    enable_operation.execute = true;
-                    continue;
-                }
-
-                if (field.name == 'accesstime') {
-                    // if accesstime is dirty, it means 'Any Time' is selected,
-                    // so existing values have to be removed
-                    for (var k=0; k<field.values.length; k++) {
-                        var command = ipa_command(remove_accesstime.template);
-                        command.set_option(field.name, field.values[k]);
-                        remove_accesstime.commands.push(command);
-                    }
-                    continue;
-                }
-
-                if (categories[field.name]) {
-                    if (values[0] == 'all') {
-                        categories[field.name].remove_values = true;
-                    }
-                }
-
-                // use setattr/addattr if param_info not available
-                if (!param_info) {
-                    for (var k=0; k<values.length; k++) {
-                        modify_operation.command.set_option(
-                            k == 0 ? 'setattr' : 'addattr',
-                            field.name+'='+values[k]
-                        );
-                        modify_operation.execute = true;
-                    }
-                    continue;
-                }
-
-                // set modify options
-                if (values.length == 1) {
-                    modify_operation.command.set_option(field.name, values[0]);
-                } else {
-                    modify_operation.command.set_option(field.name, values);
-                }
-                modify_operation.execute = true;
-            }
-        }
-
-        var batch = ipa_batch_command({
-            'name': 'hbac_details_update',
-            'on_success': function(data, text_status, xhr) {
-                that.refresh();
-            },
-            'on_error': function(xhr, text_status, error_thrown) {
-                that.refresh();
-            }
-        });
-
-        for (var member_attribute in member_operations) {
-            var member_operation = member_operations[member_attribute];
-            if (member_operation.has_values &&
-                categories[member_operation.category].remove_values) {
-                batch.add_command(member_operations[member_attribute].command);
-            }
-        }
-
-        batch.add_commands(remove_accesstime.commands);
-
-        if (modify_operation.execute) batch.add_command(modify_operation.command);
-        if (enable_operation.execute) batch.add_command(enable_operation.command);
-
-        if (!batch.commands.length) {
-            that.refresh();
-            return;
-        }
-
-        //alert(JSON.stringify(batch.to_json()));
-
-        batch.execute();
-    };
-
-    that.reset = function() {
-        for (var i=0; i<that.sections.length; i++) {
-            var section = that.sections[i];
-            section.reset();
-        }
-    };
-
-    return that;
-}
-
-function ipa_hbac_details_general_section(spec){
-
-    spec = spec || {};
-
-    var that = ipa_details_section(spec);
-
-    that.create = function(container) {
-
-        var table = $('<table/>', {
-            'style': 'width: 100%;'
-        }).appendTo(container);
-
-        var tr = $('<tr/>').appendTo(table);
-
-        var td = $('<td/>', {
-            'style': 'width: 100px; text-align: right;',
-            'html': 'Name:'
-        }).appendTo(tr);
-
-        td = $('<td/>').appendTo(tr);
-
-        var span = $('<span/>', { 'name': 'cn' }).appendTo(td);
-
-        $('<input/>', {
-            'type': 'text',
-            'name': 'cn',
-            'size': 30
-        }).appendTo(span);
-
-        span.append(' ');
-
-        $('<span/>', {
-            'name': 'undo',
-            'class': 'ui-state-highlight ui-corner-all',
-            'style': 'display: none;',
-            'html': 'undo'
-        }).appendTo(span);
-
-        td = $('<td/>', {
-            'style': 'text-align: right;'
-        }).appendTo(tr);
-
-        td.append('Rule type:');
-
-        span = $('<span/>', { 'name': 'accessruletype' }).appendTo(td);
-
-        $('<input/>', {
-            'type': 'radio',
-            'name': 'accessruletype',
-            'value': 'allow'
-        }).appendTo(span);
-
-        span.append('Allow');
-
-        $('<input/>', {
-            'type': 'radio',
-            'name': 'accessruletype',
-            'value': 'deny'
-        }).appendTo(span);
-
-        span.append('Deny');
-
-        span.append(' ');
-
-        $('<span/>', {
-            'name': 'undo',
-            'class': 'ui-state-highlight ui-corner-all',
-            'style': 'display: none;',
-            'html': 'undo'
-        }).appendTo(span);
-
-        tr = $('<tr/>').appendTo(table);
-
-        td = $('<td/>', {
-            'style': 'text-align: right; vertical-align: top;',
-            'html': 'Description:'
-        }).appendTo(tr);
-
-        td = $('<td/>', {
-            'colspan': 2
-        }).appendTo(tr);
-
-        span = $('<span/>', { 'name': 'description' }).appendTo(td);
-
-        $('<textarea/>', {
-            'name': 'description',
-            'rows': 5,
-            'style': 'width: 100%'
-        }).appendTo(span);
-
-        span.append(' ');
-
-        $('<span/>', {
-            'name': 'undo',
-            'class': 'ui-state-highlight ui-corner-all',
-            'style': 'display: none;',
-            'html': 'undo'
-        }).appendTo(span);
-
-        tr = $('<tr/>').appendTo(table);
-
-        td = $('<td/>', {
-            'style': 'text-align: right; vertical-align: top;',
-            'html': 'Rule status:'
-        }).appendTo(tr);
-
-        td = $('<td/>', {
-            'colspan': 2
-        }).appendTo(tr);
-
-        span = $('<span/>', { 'name': 'ipaenabledflag' }).appendTo(td);
-
-        $('<input/>', {
-            'type': 'radio',
-            'name': 'ipaenabledflag',
-            'value': 'TRUE'
-        }).appendTo(span);
-
-        span.append('Active');
-
-        $('<input/>', {
-            'type': 'radio',
-            'name': 'ipaenabledflag',
-            'value': 'FALSE'
-        }).appendTo(span);
-
-        span.append('Inactive');
-
-        span.append(' ');
-
-        $('<span/>', {
-            'name': 'undo',
-            'class': 'ui-state-highlight ui-corner-all',
-            'style': 'display: none;',
-            'html': 'undo'
-        }).appendTo(span);
-    };
-
-    return that;
-}
-
-function ipa_hbac_accesstime_widget(spec) {
-
-    spec = spec || {};
-
-    var that = ipa_widget(spec);
-
-    that.text = spec.text;
-    that.options = spec.options || [];
-
-    that.init = function() {
-
-        that.widget_init();
-
-        that.table = ipa_table_widget({
-            'id': 'accesstime-table',
-            'name': 'table', 'label': that.label
-        });
-
-        that.table.create_column({
-            'name': that.name,
-            'label': that.label,
-            'primary_key': true
-        });
-
-        that.table.init();
-    };
-
-    that.create = function(container) {
-
-        that.widget_create(container);
-
-        var span = $('<span/>', { 'name': 'text' }).appendTo(container);
-
-        span.append(that.text);
-
-        for (var i=0; i<that.options.length; i++) {
-            var option = that.options[i];
-
-            $('<input/>', {
-                'type': 'radio',
-                'name': that.name,
-                'value': option.value
-            }).appendTo(container);
-
-            container.append(option.label);
-        }
-
-        container.append(' ');
-
-        $('<span/>', {
-            'name': 'undo',
-            'class': 'ui-state-highlight ui-corner-all',
-            'style': 'display: none;',
-            'html': 'undo'
-        }).appendTo(container);
-
-        container.append('<br/>');
-
-        span = $('<span/>', { 'name': 'table' }).appendTo(container);
-
-        that.table.create(span);
-
-        var buttons = $('span[name=buttons]', span);
-
-        $('<input/>', {
-            'type': 'button',
-            'name': 'remove',
-            'value': 'Remove '+that.label
-        }).appendTo(buttons);
-
-        $('<input/>', {
-            'type': 'button',
-            'name': 'add',
-            'value': 'Add '+that.label
-        }).appendTo(buttons);
-    };
-
-    that.setup = function(container) {
-
-        that.widget_setup(container);
-
-        var span = $('span[name="table"]', that.container);
-        that.table.setup(span);
-
-        var button = $('input[name=remove]', span);
-        button.replaceWith(ipa_button({
-            'label': button.val(),
-            'icon': 'ui-icon-trash',
-            'click': function() { that.remove(that.container); }
-        }));
-
-        button = $('input[name=add]', span);
-        button.replaceWith(ipa_button({
-            'label': button.val(),
-            'icon': 'ui-icon-plus',
-            'click': function() { that.add(that.container) }
-        }));
-
-        var input = $('input[name="'+that.name+'"]', that.container);
-        input.change(function() {
-            that.show_undo();
-        });
-
-        var undo = that.get_undo();
-        undo.click(function() {
-            that.reset();
-        });
-    };
-
-    that.save = function() {
-        var value = $('input[name="'+that.name+'"]:checked', that.container).val();
-        if (value == '') {
-            return that.table.save();
-        } else {
-            return [];
-        }
-    };
-
-    that.load = function(record) {
-
-        that.values = record[that.name] || [];
-        that.reset();
-    };
-
-    that.update = function() {
-
-        that.set_category(that.container, that.values && that.values.length ? '' : 'all');
-
-        that.table.tbody.empty();
-        for (var i=0; that.values && i<that.values.length; i++) {
-            var record = {};
-            record[that.name] = that.values[i];
-            that.table.add_record(record);
-        }
-    };
-
-    that.set_category = function(container, value) {
-        $('input[name="'+that.name+'"][value="'+value+'"]', that.container).get(0).checked = true;
-    };
-
-    that.add = function() {
-
-        var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';
-        var title = 'Add '+that.label+' to '+that.entity_name+' '+pkey;
-
-        var dialog = ipa_dialog({
-            'title': title
-        });
-
-        dialog.add_field(ipa_text_widget({
-            'name': that.name,
-            'label': that.label
-        }));
-
-        dialog.create = function() {
-            var table = $('<table/>').appendTo(dialog.container);
-
-            var tr = $('<tr/>').appendTo(table);
-
-            var td = $('<td/>', {
-                'style': 'vertical-align: top;'
-            }).appendTo(tr);
-            td.append(that.label+': ');
-
-            td = $('<td/>').appendTo(tr);
-
-            var span = $('<span/>', { 'name': that.name }).appendTo(td);
-
-            $('<input/>', {
-                'type': 'text',
-                'name': that.name,
-                'size': 40
-            }).appendTo(span);
-
-            tr = $('<tr/>').appendTo(table);
-
-            td = $('<td/>', {
-                'style': 'vertical-align: top;'
-            }).appendTo(tr);
-            td.append('Example:');
-
-            td = $('<td/>').appendTo(tr);
-
-            td.append('<b>Every day between 0800 and 1400:</b><br/>');
-            td.append('periodic daily 0800-1400<br/><br/>');
-
-            td.append('<b>December 16, 2010 from 10:32 until 10:33:</b><br/>');
-            td.append('absolute 201012161032 ~ 201012161033<td/>');
-        };
-
-        function add(on_success, on_error) {
-
-            var field = dialog.get_field(that.name);
-            var value = field.save()[0];
-
-            var command = ipa_command({
-                'method': that.entity_name+'_add_'+that.name,
-                'args': [pkey],
-                'on_success': function() {
-                    that.refresh();
-                    if (on_success) on_success();
-                },
-                'on_error': function() {
-                    that.refresh();
-                    if (on_error) on_error();
-                }
-            });
-
-            command.set_option(that.name, value);
-
-            command.execute();
-        }
-
-        dialog.add_button('Add', function() {
-            add(
-                function() { dialog.reset(); }
-            );
-        });
-
-        dialog.add_button('Add and Close', function() {
-            add(
-                function() { dialog.close(); },
-                function() { dialog.close(); }
-            );
-        });
-
-        dialog.add_button('Cancel', function() {
-            dialog.close();
-        });
-
-        dialog.init();
-
-        dialog.open(that.container);
-    };
-
-    that.remove = function() {
-
-        var values = that.table.get_selected_values();
-
-        if (!values.length) {
-            alert('Select '+that.label+' to be removed.');
-            return;
-        }
-
-        var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';
-        var title = 'Remove '+that.label+' from '+that.entity_name+' '+pkey;
-
-        var dialog = ipa_deleter_dialog({
-            'title': title,
-            'values': values
-        });
-
-        dialog.remove = function() {
-
-            var batch = ipa_batch_command({
-                'on_success': function() {
-                    that.refresh();
-                    dialog.close();
-                },
-                'on_error': function() {
-                    that.refresh();
-                    dialog.close();
-                }
-            });
-
-            for (var i=0; i<values.length; i++) {
-                var command = ipa_command({
-                    'method': that.entity_name+'_remove_'+that.name,
-                    'args': [pkey]
-                });
-
-                command.set_option(that.name, values[i]);
-
-                batch.add_command(command);
-            }
-
-            batch.execute();
-        };
-
-        dialog.init();
-
-        dialog.open(that.container);
-    };
-
-    that.refresh = function() {
-
-        function on_success(data, text_status, xhr) {
-            that.load(data.result.result);
-        }
-
-        function on_error(xhr, text_status, error_thrown) {
-            var summary = $('span[name=summary]', that.table.tfoot).empty();
-            summary.append('<p>Error: '+error_thrown.name+'</p>');
-            summary.append('<p>'+error_thrown.title+'</p>');
-            summary.append('<p>'+error_thrown.message+'</p>');
-        }
-
-        var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';
-        ipa_cmd('show', [pkey], {'rights': true}, on_success, on_error, that.entity_name);
-    };
-
-    return that;
-}
diff --git a/install/static/hbacrule.js b/install/static/hbacrule.js
new file mode 100755
index 000000000..0e6d82ccd
--- /dev/null
+++ b/install/static/hbacrule.js
@@ -0,0 +1,984 @@
+/*  Authors:
+ *    Endi Sukma Dewata <edewata@redhat.com>
+ *
+ * Copyright (C) 2010 Red Hat
+ * see file 'COPYING' for use and warranty information
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* REQUIRES: ipa.js, details.js, search.js, add.js, entity.js */
+
+function ipa_hbacrule() {
+
+    var that = ipa_entity({
+        'name': 'hbacrule'
+    });
+
+    that.init = function() {
+
+        var dialog = ipa_hbacrule_add_dialog({
+            'name': 'add',
+            'title': 'Add New Rule'
+        });
+        that.add_dialog(dialog);
+        dialog.init();
+
+        var facet = ipa_hbacrule_search_facet({
+            'name': 'search',
+            'label': 'Search'
+        });
+        that.add_facet(facet);
+
+        facet = ipa_hbacrule_details_facet({
+            'name': 'details',
+            'label': 'Details'
+        });
+        that.add_facet(facet);
+
+        that.entity_init();
+    };
+
+    return that;
+}
+
+IPA.add_entity(ipa_hbacrule());
+
+function ipa_hbacrule_add_dialog(spec) {
+
+    spec = spec || {};
+
+    var that = ipa_add_dialog(spec);
+
+    that.init = function() {
+
+        that.add_field(ipa_text_widget({
+            'name': 'cn',
+            'undo': false
+        }));
+
+        that.add_field(ipa_radio_widget({
+            'name': 'accessruletype',
+            'options': [
+                { 'value': 'allow', 'label': 'Allow' },
+                { 'value': 'deny', 'label': 'Deny' }
+            ],
+            'undo': false
+        }));
+
+        that.add_dialog_init();
+    };
+
+    return that;
+}
+
+function ipa_hbacrule_search_facet(spec) {
+
+    spec = spec || {};
+
+    var that = ipa_search_facet(spec);
+
+    that.init = function() {
+
+        that.create_column({name:'cn'});
+        that.create_column({name:'usercategory'});
+        that.create_column({name:'hostcategory'});
+        that.create_column({name:'ipaenabledflag'});
+        that.create_column({name:'servicecategory'});
+        that.create_column({name:'sourcehostcategory'});
+
+        that.search_facet_init();
+    };
+
+    that.create = function(container) {
+
+/*
+        // Not yet implemented
+
+        var left_buttons = $('<span/>', {
+            'style': 'float: left;'
+        }).appendTo(container);
+
+        left_buttons.append(ipa_button({
+            'label': 'Troubleshoot Rules'
+        }));
+
+        left_buttons.append(ipa_button({
+            'label': 'Cull Disabled Rules'
+        }));
+*/
+
+        that.search_facet_create(container);
+
+    };
+
+    return that;
+}
+
+function ipa_hbacrule_details_facet(spec) {
+
+    spec = spec || {};
+
+    var that = ipa_details_facet(spec);
+
+    that.init = function() {
+
+        var section;
+
+        if (IPA.layout) {
+            section = that.create_section({
+                'name': 'general',
+                'label': 'General',
+                'template': 'hbacrule-details-general.html #contents'
+            });
+
+        } else {
+            section = ipa_hbacrule_details_general_section({
+                'name': 'general',
+                'label': 'General'
+            });
+            that.add_section(section);
+        }
+
+        section.create_text({ 'name': 'cn', 'label': 'Name', 'read_only': true });
+        section.create_radio({ 'name': 'accessruletype', 'label': 'Rule Type' });
+        section.create_textarea({ 'name': 'description', 'label': 'Description' });
+        section.create_radio({ 'name': 'ipaenabledflag', 'label': 'Enabled' });
+
+        if (IPA.layout) {
+            section = that.create_section({
+                'name': 'user',
+                'label': 'Who',
+                'template': 'hbacrule-details-user.html #contents'
+            });
+
+        } else {
+            section = ipa_rule_details_section({
+                'name': 'user',
+                'label': 'Who',
+                'text': 'Rule applies when access is requested by:',
+                'field_name': 'usercategory',
+                'options': [
+                    { 'value': 'all', 'label': 'Anyone' },
+                    { 'value': '', 'label': 'Specified Users and Groups' }
+                ],
+                'tables': [
+                    { 'field_name': 'memberuser_user' },
+                    { 'field_name': 'memberuser_group' }
+                ]
+            });
+            that.add_section(section);
+        }
+
+        var category = section.create_radio({ name: 'usercategory', label: 'User category' });
+        section.add_field(ipa_rule_association_table_widget({
+            'id': that.entity_name+'-memberuser_user',
+            'name': 'memberuser_user', 'label': 'Users', 'category': category,
+            'other_entity': 'user', 'add_method': 'add_user', 'remove_method': 'remove_user'
+        }));
+        section.add_field(ipa_rule_association_table_widget({
+            'id': that.entity_name+'-memberuser_group',
+            'name': 'memberuser_group', 'label': 'Groups', 'category': category,
+            'other_entity': 'group', 'add_method': 'add_user', 'remove_method': 'remove_user'
+        }));
+
+        if (IPA.layout) {
+            section = that.create_section({
+                'name': 'host',
+                'label': 'Accessing',
+                'template': 'hbacrule-details-host.html #contents'
+            });
+
+        } else {
+            section = ipa_rule_details_section({
+                'name': 'host',
+                'label': 'Accessing',
+                'text': 'Rule applies when access is requested to:',
+                'field_name': 'hostcategory',
+                'options': [
+                    { 'value': 'all', 'label': 'Any Host' },
+                    { 'value': '', 'label': 'Specified Hosts and Groups' }
+                ],
+                'tables': [
+                    { 'field_name': 'memberhost_host' },
+                    { 'field_name': 'memberhost_hostgroup' }
+                ]
+            });
+            that.add_section(section);
+        }
+
+        category = section.create_radio({ 'name': 'hostcategory', 'label': 'Host category' });
+        section.add_field(ipa_rule_association_table_widget({
+            'id': that.entity_name+'-memberhost_host',
+            'name': 'memberhost_host', 'label': 'Hosts', 'category': category,
+            'other_entity': 'host', 'add_method': 'add_host', 'remove_method': 'remove_host'
+        }));
+        section.add_field(ipa_rule_association_table_widget({
+            'id': that.entity_name+'-memberhost_hostgroup',
+            'name': 'memberhost_hostgroup', 'label': 'Host Groups', 'category': category,
+            'other_entity': 'hostgroup', 'add_method': 'add_host', 'remove_method': 'remove_host'
+        }));
+
+        if (IPA.layout) {
+            section = that.create_section({
+                'name': 'service',
+                'label': 'Via Service',
+                'template': 'hbacrule-details-service.html #contents'
+            });
+
+        } else {
+            section = ipa_rule_details_section({
+                'name': 'service',
+                'label': 'Via Service',
+                'text': 'Rule applies when access is requested via:',
+                'field_name': 'servicecategory',
+                'options': [
+                    { 'value': 'all', 'label': 'Any Service' },
+                    { 'value': '', 'label': 'Specified Services and Groups' }
+                ],
+                'tables': [
+                    { 'field_name': 'memberservice_hbacsvc' },
+                    { 'field_name': 'memberservice_hbacsvcgroup' }
+                ]
+            });
+            that.add_section(section);
+        }
+
+        category = section.create_radio({ 'name': 'servicecategory', 'label': 'Service category' });
+        section.add_field(ipa_rule_association_table_widget({
+            'id': that.entity_name+'-memberservice_hbacsvc',
+            'name': 'memberservice_hbacsvc', 'label': 'Services', 'category': category,
+            'other_entity': 'hbacsvc', 'add_method': 'add_service', 'remove_method': 'remove_service'
+        }));
+        section.add_field(ipa_rule_association_table_widget({
+            'id': that.entity_name+'-memberservice_hbacsvcgroup',
+            'name': 'memberservice_hbacsvcgroup', 'label': 'Service Groups', 'category': category,
+            'other_entity': 'hbacsvcgroup', 'add_method': 'add_service', 'remove_method': 'remove_service'
+        }));
+
+        if (IPA.layout) {
+            section = that.create_section({
+                'name': 'sourcehost',
+                'label': 'From',
+                'template': 'hbacrule-details-sourcehost.html #contents'
+            });
+
+        } else {
+            section = ipa_rule_details_section({
+                'name': 'sourcehost',
+                'label': 'From',
+                'text': 'Rule applies when access is being initiated from:',
+                'field_name': 'sourcehostcategory',
+                'options': [
+                    { 'value': 'all', 'label': 'Any Host' },
+                    { 'value': '', 'label': 'Specified Hosts and Groups' }
+                ],
+                'tables': [
+                    { 'field_name': 'sourcehost_host' },
+                    { 'field_name': 'sourcehost_hostgroup' }
+                ]
+            });
+            that.add_section(section);
+        }
+
+        category = section.create_radio({ 'name': 'sourcehostcategory', 'label': 'Source host category' });
+        section.add_field(ipa_rule_association_table_widget({
+            'id': that.entity_name+'-sourcehost_host',
+            'name': 'sourcehost_host', 'label': 'Host', 'category': category,
+            'other_entity': 'host', 'add_method': 'add_sourcehost', 'remove_method': 'remove_sourcehost'
+        }));
+        section.add_field(ipa_rule_association_table_widget({
+            'id': that.entity_name+'-sourcehost_hostgroup',
+            'name': 'sourcehost_hostgroup', 'label': 'Host Groups', 'category': category,
+            'other_entity': 'hostgroup', 'add_method': 'add_sourcehost', 'remove_method': 'remove_sourcehost'
+        }));
+/*
+        if (IPA.layout) {
+            section = that.create_section({
+                'name': 'accesstime',
+                'label': 'When',
+                'template': 'hbacrule-details-accesstime.html #contents'
+            });
+
+        } else {
+            section = that.create_section({
+                'name': 'accesstime',
+                'label': 'When'
+            });
+        }
+
+        section.add_field(ipa_hbacrule_accesstime_widget({
+            'id': 'accesstime',
+            'name': 'accesstime', 'label': 'Access Time',
+            'text': 'Rule applies when access is being requested at:',
+            'options': [
+                { 'value': 'all', 'label': 'Any Time' },
+                { 'value': '', 'label': 'Specified Times' }
+            ]
+        }));
+*/
+        that.details_facet_init();
+    };
+
+    that.update = function() {
+
+        var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';
+
+        var modify_operation = {
+            'execute': false,
+            'command': ipa_command({
+                'method': that.entity_name+'_mod',
+                'args': [pkey],
+                'options': {'all': true, 'rights': true}
+            })
+        };
+
+        var remove_accesstime = {
+            'template': ipa_command({
+                'method': that.entity_name+'_remove_accesstime',
+                'args': [pkey],
+                'options': {'all': true, 'rights': true}
+            }),
+            'commands': []
+        };
+
+        var categories = {
+            'usercategory': {
+                'remove_values': false
+            },
+            'hostcategory': {
+                'remove_values': false
+            },
+            'servicecategory': {
+                'remove_values': false
+            },
+            'sourcehostcategory': {
+                'remove_values': false
+            }
+        };
+
+        var member_operations = {
+            'memberuser': {
+                'category': 'usercategory',
+                'has_values': false,
+                'command': ipa_command({
+                    'method': that.entity_name+'_remove_user',
+                    'args': [pkey],
+                    'options': {'all': true, 'rights': true}
+                })
+            },
+            'memberhost': {
+                'category': 'hostcategory',
+                'has_values': false,
+                'command': ipa_command({
+                    'method': that.entity_name+'_remove_host',
+                    'args': [pkey],
+                    'options': {'all': true, 'rights': true}
+                })
+            },
+            'memberservice': {
+                'category': 'servicecategory',
+                'has_values': false,
+                'command': ipa_command({
+                    'method': that.entity_name+'_remove_service',
+                    'args': [pkey],
+                    'options': {'all': true, 'rights': true}
+                })
+            },
+            'sourcehost': {
+                'category': 'sourcehostcategory',
+                'has_values': false,
+                'command': ipa_command({
+                    'method': that.entity_name+'_remove_sourcehost',
+                    'args': [pkey],
+                    'options': {'all': true, 'rights': true}
+                })
+            }
+        };
+
+        var enable_operation = {
+            'execute': false,
+            'command': ipa_command({
+                'method': that.entity_name+'_enable',
+                'args': [pkey],
+                'options': {'all': true, 'rights': true}
+            })
+        };
+
+        for (var i=0; i<that.sections.length; i++) {
+            var section = that.sections[i];
+
+            var div = $('#'+that.entity_name+'-'+that.name+'-'+section.name, that.container);
+
+            for (var j=0; j<section.fields.length; j++) {
+                var field = section.fields[j];
+
+                var span = $('span[name='+field.name+']', div).first();
+                var values = field.save();
+                if (!values) continue;
+
+                var param_info = ipa_get_param_info(that.entity_name, field.name);
+
+                // skip primary key
+                if (param_info && param_info['primary_key']) continue;
+
+                var p = field.name.indexOf('_');
+                if (p >= 0) {
+                    // prepare command to remove members if needed
+                    var attribute = field.name.substring(0, p);
+                    var other_entity = field.name.substring(p+1);
+
+                    if (values.length) {
+                        member_operations[attribute].command.set_option(other_entity, values.join(','));
+                        member_operations[attribute].has_values = true;
+                    }
+                    continue;
+                }
+
+                // skip unchanged field
+                if (!field.is_dirty(span)) continue;
+
+                // check enable/disable
+                if (field.name == 'ipaenabledflag') {
+                    if (values[0] == 'FALSE') enable_operation.command.method = that.entity_name+'_disable';
+                    enable_operation.execute = true;
+                    continue;
+                }
+
+                if (field.name == 'accesstime') {
+                    // if accesstime is dirty, it means 'Any Time' is selected,
+                    // so existing values have to be removed
+                    for (var k=0; k<field.values.length; k++) {
+                        var command = ipa_command(remove_accesstime.template);
+                        command.set_option(field.name, field.values[k]);
+                        remove_accesstime.commands.push(command);
+                    }
+                    continue;
+                }
+
+                if (categories[field.name]) {
+                    if (values[0] == 'all') {
+                        categories[field.name].remove_values = true;
+                    }
+                }
+
+                // use setattr/addattr if param_info not available
+                if (!param_info) {
+                    for (var k=0; k<values.length; k++) {
+                        modify_operation.command.set_option(
+                            k == 0 ? 'setattr' : 'addattr',
+                            field.name+'='+values[k]
+                        );
+                        modify_operation.execute = true;
+                    }
+                    continue;
+                }
+
+                // set modify options
+                if (values.length == 1) {
+                    modify_operation.command.set_option(field.name, values[0]);
+                } else {
+                    modify_operation.command.set_option(field.name, values);
+                }
+                modify_operation.execute = true;
+            }
+        }
+
+        var batch = ipa_batch_command({
+            'name': 'hbac_details_update',
+            'on_success': function(data, text_status, xhr) {
+                that.refresh();
+            },
+            'on_error': function(xhr, text_status, error_thrown) {
+                that.refresh();
+            }
+        });
+
+        for (var member_attribute in member_operations) {
+            var member_operation = member_operations[member_attribute];
+            if (member_operation.has_values &&
+                categories[member_operation.category].remove_values) {
+                batch.add_command(member_operations[member_attribute].command);
+            }
+        }
+
+        batch.add_commands(remove_accesstime.commands);
+
+        if (modify_operation.execute) batch.add_command(modify_operation.command);
+        if (enable_operation.execute) batch.add_command(enable_operation.command);
+
+        if (!batch.commands.length) {
+            that.refresh();
+            return;
+        }
+
+        alert(JSON.stringify(batch.to_json()));
+
+        batch.execute();
+    };
+
+    that.reset = function() {
+        for (var i=0; i<that.sections.length; i++) {
+            var section = that.sections[i];
+            section.reset();
+        }
+    };
+
+    return that;
+}
+
+function ipa_hbacrule_details_general_section(spec){
+
+    spec = spec || {};
+
+    var that = ipa_details_section(spec);
+
+    that.create = function(container) {
+
+        var table = $('<table/>', {
+            'style': 'width: 100%;'
+        }).appendTo(container);
+
+        var tr = $('<tr/>').appendTo(table);
+
+        var td = $('<td/>', {
+            'style': 'width: 100px; text-align: right;',
+            'html': 'Name:'
+        }).appendTo(tr);
+
+        td = $('<td/>').appendTo(tr);
+
+        var span = $('<span/>', { 'name': 'cn' }).appendTo(td);
+
+        $('<input/>', {
+            'type': 'text',
+            'name': 'cn',
+            'size': 30
+        }).appendTo(span);
+
+        span.append(' ');
+
+        $('<span/>', {
+            'name': 'undo',
+            'class': 'ui-state-highlight ui-corner-all',
+            'style': 'display: none;',
+            'html': 'undo'
+        }).appendTo(span);
+
+        td = $('<td/>', {
+            'style': 'text-align: right;'
+        }).appendTo(tr);
+
+        td.append('Rule type:');
+
+        span = $('<span/>', { 'name': 'accessruletype' }).appendTo(td);
+
+        $('<input/>', {
+            'type': 'radio',
+            'name': 'accessruletype',
+            'value': 'allow'
+        }).appendTo(span);
+
+        span.append('Allow');
+
+        $('<input/>', {
+            'type': 'radio',
+            'name': 'accessruletype',
+            'value': 'deny'
+        }).appendTo(span);
+
+        span.append('Deny');
+
+        span.append(' ');
+
+        $('<span/>', {
+            'name': 'undo',
+            'class': 'ui-state-highlight ui-corner-all',
+            'style': 'display: none;',
+            'html': 'undo'
+        }).appendTo(span);
+
+        tr = $('<tr/>').appendTo(table);
+
+        td = $('<td/>', {
+            'style': 'text-align: right; vertical-align: top;',
+            'html': 'Description:'
+        }).appendTo(tr);
+
+        td = $('<td/>', {
+            'colspan': 2
+        }).appendTo(tr);
+
+        span = $('<span/>', { 'name': 'description' }).appendTo(td);
+
+        $('<textarea/>', {
+            'name': 'description',
+            'rows': 5,
+            'style': 'width: 100%'
+        }).appendTo(span);
+
+        span.append(' ');
+
+        $('<span/>', {
+            'name': 'undo',
+            'class': 'ui-state-highlight ui-corner-all',
+            'style': 'display: none;',
+            'html': 'undo'
+        }).appendTo(span);
+
+        tr = $('<tr/>').appendTo(table);
+
+        td = $('<td/>', {
+            'style': 'text-align: right; vertical-align: top;',
+            'html': 'Rule status:'
+        }).appendTo(tr);
+
+        td = $('<td/>', {
+            'colspan': 2
+        }).appendTo(tr);
+
+        span = $('<span/>', { 'name': 'ipaenabledflag' }).appendTo(td);
+
+        $('<input/>', {
+            'type': 'radio',
+            'name': 'ipaenabledflag',
+            'value': 'TRUE'
+        }).appendTo(span);
+
+        span.append('Active');
+
+        $('<input/>', {
+            'type': 'radio',
+            'name': 'ipaenabledflag',
+            'value': 'FALSE'
+        }).appendTo(span);
+
+        span.append('Inactive');
+
+        span.append(' ');
+
+        $('<span/>', {
+            'name': 'undo',
+            'class': 'ui-state-highlight ui-corner-all',
+            'style': 'display: none;',
+            'html': 'undo'
+        }).appendTo(span);
+    };
+
+    return that;
+}
+
+function ipa_hbacrule_accesstime_widget(spec) {
+
+    spec = spec || {};
+
+    var that = ipa_widget(spec);
+
+    that.text = spec.text;
+    that.options = spec.options || [];
+
+    that.init = function() {
+
+        that.widget_init();
+
+        that.table = ipa_table_widget({
+            'id': 'accesstime-table',
+            'name': 'table', 'label': that.label
+        });
+
+        that.table.create_column({
+            'name': that.name,
+            'label': that.label,
+            'primary_key': true
+        });
+
+        that.table.init();
+    };
+
+    that.create = function(container) {
+
+        that.widget_create(container);
+
+        var span = $('<span/>', { 'name': 'text' }).appendTo(container);
+
+        span.append(that.text);
+
+        for (var i=0; i<that.options.length; i++) {
+            var option = that.options[i];
+
+            $('<input/>', {
+                'type': 'radio',
+                'name': that.name,
+                'value': option.value
+            }).appendTo(container);
+
+            container.append(option.label);
+        }
+
+        container.append(' ');
+
+        $('<span/>', {
+            'name': 'undo',
+            'class': 'ui-state-highlight ui-corner-all',
+            'style': 'display: none;',
+            'html': 'undo'
+        }).appendTo(container);
+
+        container.append('<br/>');
+
+        span = $('<span/>', { 'name': 'table' }).appendTo(container);
+
+        that.table.create(span);
+
+        var buttons = $('span[name=buttons]', span);
+
+        $('<input/>', {
+            'type': 'button',
+            'name': 'remove',
+            'value': 'Remove '+that.label
+        }).appendTo(buttons);
+
+        $('<input/>', {
+            'type': 'button',
+            'name': 'add',
+            'value': 'Add '+that.label
+        }).appendTo(buttons);
+    };
+
+    that.setup = function(container) {
+
+        that.widget_setup(container);
+
+        var span = $('span[name="table"]', that.container);
+        that.table.setup(span);
+
+        var button = $('input[name=remove]', span);
+        button.replaceWith(ipa_button({
+            'label': button.val(),
+            'icon': 'ui-icon-trash',
+            'click': function() { that.remove(that.container); }
+        }));
+
+        button = $('input[name=add]', span);
+        button.replaceWith(ipa_button({
+            'label': button.val(),
+            'icon': 'ui-icon-plus',
+            'click': function() { that.add(that.container) }
+        }));
+
+        var input = $('input[name="'+that.name+'"]', that.container);
+        input.change(function() {
+            that.show_undo();
+        });
+
+        var undo = that.get_undo();
+        undo.click(function() {
+            that.reset();
+        });
+    };
+
+    that.save = function() {
+        var value = $('input[name="'+that.name+'"]:checked', that.container).val();
+        if (value == '') {
+            return that.table.save();
+        } else {
+            return [];
+        }
+    };
+
+    that.load = function(record) {
+
+        that.values = record[that.name] || [];
+        that.reset();
+    };
+
+    that.update = function() {
+
+        that.set_category(that.container, that.values && that.values.length ? '' : 'all');
+
+        that.table.tbody.empty();
+        for (var i=0; that.values && i<that.values.length; i++) {
+            var record = {};
+            record[that.name] = that.values[i];
+            that.table.add_record(record);
+        }
+    };
+
+    that.set_category = function(container, value) {
+        $('input[name="'+that.name+'"][value="'+value+'"]', that.container).get(0).checked = true;
+    };
+
+    that.add = function() {
+
+        var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';
+        var title = 'Add '+that.label+' to '+that.entity_name+' '+pkey;
+
+        var dialog = ipa_dialog({
+            'title': title
+        });
+
+        dialog.add_field(ipa_text_widget({
+            'name': that.name,
+            'label': that.label
+        }));
+
+        dialog.create = function() {
+            var table = $('<table/>').appendTo(dialog.container);
+
+            var tr = $('<tr/>').appendTo(table);
+
+            var td = $('<td/>', {
+                'style': 'vertical-align: top;'
+            }).appendTo(tr);
+            td.append(that.label+': ');
+
+            td = $('<td/>').appendTo(tr);
+
+            var span = $('<span/>', { 'name': that.name }).appendTo(td);
+
+            $('<input/>', {
+                'type': 'text',
+                'name': that.name,
+                'size': 40
+            }).appendTo(span);
+
+            tr = $('<tr/>').appendTo(table);
+
+            td = $('<td/>', {
+                'style': 'vertical-align: top;'
+            }).appendTo(tr);
+            td.append('Example:');
+
+            td = $('<td/>').appendTo(tr);
+
+            td.append('<b>Every day between 0800 and 1400:</b><br/>');
+            td.append('periodic daily 0800-1400<br/><br/>');
+
+            td.append('<b>December 16, 2010 from 10:32 until 10:33:</b><br/>');
+            td.append('absolute 201012161032 ~ 201012161033<td/>');
+        };
+
+        function add(on_success, on_error) {
+
+            var field = dialog.get_field(that.name);
+            var value = field.save()[0];
+
+            var command = ipa_command({
+                'method': that.entity_name+'_add_'+that.name,
+                'args': [pkey],
+                'on_success': function() {
+                    that.refresh();
+                    if (on_success) on_success();
+                },
+                'on_error': function() {
+                    that.refresh();
+                    if (on_error) on_error();
+                }
+            });
+
+            command.set_option(that.name, value);
+
+            command.execute();
+        }
+
+        dialog.add_button('Add', function() {
+            add(
+                function() { dialog.reset(); }
+            );
+        });
+
+        dialog.add_button('Add and Close', function() {
+            add(
+                function() { dialog.close(); },
+                function() { dialog.close(); }
+            );
+        });
+
+        dialog.add_button('Cancel', function() {
+            dialog.close();
+        });
+
+        dialog.init();
+
+        dialog.open(that.container);
+    };
+
+    that.remove = function() {
+
+        var values = that.table.get_selected_values();
+
+        if (!values.length) {
+            alert('Select '+that.label+' to be removed.');
+            return;
+        }
+
+        var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';
+        var title = 'Remove '+that.label+' from '+that.entity_name+' '+pkey;
+
+        var dialog = ipa_deleter_dialog({
+            'title': title,
+            'values': values
+        });
+
+        dialog.remove = function() {
+
+            var batch = ipa_batch_command({
+                'on_success': function() {
+                    that.refresh();
+                    dialog.close();
+                },
+                'on_error': function() {
+                    that.refresh();
+                    dialog.close();
+                }
+            });
+
+            for (var i=0; i<values.length; i++) {
+                var command = ipa_command({
+                    'method': that.entity_name+'_remove_'+that.name,
+                    'args': [pkey]
+                });
+
+                command.set_option(that.name, values[i]);
+
+                batch.add_command(command);
+            }
+
+            batch.execute();
+        };
+
+        dialog.init();
+
+        dialog.open(that.container);
+    };
+
+    that.refresh = function() {
+
+        function on_success(data, text_status, xhr) {
+            that.load(data.result.result);
+        }
+
+        function on_error(xhr, text_status, error_thrown) {
+            var summary = $('span[name=summary]', that.table.tfoot).empty();
+            summary.append('<p>Error: '+error_thrown.name+'</p>');
+            summary.append('<p>'+error_thrown.title+'</p>');
+            summary.append('<p>'+error_thrown.message+'</p>');
+        }
+
+        var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';
+        ipa_cmd('show', [pkey], {'rights': true}, on_success, on_error, that.entity_name);
+    };
+
+    return that;
+}
diff --git a/install/static/index.html b/install/static/index.html
index 9a62470f9..d63bfc106 100644
--- a/install/static/index.html
+++ b/install/static/index.html
@@ -23,7 +23,7 @@
     <script type="text/javascript" src="certificate.js"></script>
     <script type="text/javascript" src="user.js"></script>
     <script type="text/javascript" src="group.js"></script>
-    <script type="text/javascript" src="hbac.js"></script>
+    <script type="text/javascript" src="hbacrule.js"></script>
     <script type="text/javascript" src="hbacsvc.js"></script>
     <script type="text/javascript" src="hbacsvcgroup.js"></script>
     <script type="text/javascript" src="host.js"></script>
diff --git a/install/static/layouts/default/Makefile.am b/install/static/layouts/default/Makefile.am
index ca57a6539..b02c1c504 100644
--- a/install/static/layouts/default/Makefile.am
+++ b/install/static/layouts/default/Makefile.am
@@ -7,12 +7,12 @@ SUBDIRS =  				\
 
 appdir = $(IPA_DATA_DIR)/static/layouts/default
 app_DATA =                              \
-	hbac-details-accesstime.html	\
-	hbac-details-general.html	\
-	hbac-details-host.html		\
-	hbac-details-service.html	\
-	hbac-details-sourcehost.html	\
-	hbac-details-user.html		\
+	hbacrule-details-accesstime.html	\
+	hbacrule-details-general.html	\
+	hbacrule-details-host.html		\
+	hbacrule-details-service.html	\
+	hbacrule-details-sourcehost.html	\
+	hbacrule-details-user.html		\
 	sudorule-details-general.html	\
 	sudorule-group-dialog.html	\
 	sudorule-host-dialog.html	\
diff --git a/install/static/layouts/default/hbac-details-accesstime.html b/install/static/layouts/default/hbac-details-accesstime.html
deleted file mode 100755
index 8d5e258b3..000000000
--- a/install/static/layouts/default/hbac-details-accesstime.html
+++ /dev/null
@@ -1,49 +0,0 @@
-<html>
-<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-    <title>When</title>
-
-    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
-    <link rel="stylesheet" type="text/css" href="ipa.css" />
-</head>
-<body>
-<div id="contents">
-    <span name="accesstime">
-        <span name="text">Rule applies when access is being requested at:</span>
-        <input type="radio" name="accesstime" value="all"/>Any Time
-        <input type="radio" name="accesstime" value=""/>Specified Times
-        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
-        <br/>
-
-        <span name="table">
-        <table class="search-table">
-        <thead>
-            <tr>
-                <th style="width: 25px;">
-                    <input type="checkbox" name="select"/>
-                </th>
-                <th>
-                    <span style="float: left;">Access Time</span>
-                    <span name="buttons" style="float: right;">
-                        <input type="button" name="remove" value="Remove Access Times"/>
-                        <input type="button" name="add" value="Add Access Times"/>
-                    </span>
-                </th>
-            </tr>
-        </thead>
-        <tbody>
-            <tr>
-                <td>
-                    <input type="checkbox" name="select" value="time"/>
-                </td>
-                <td>
-                    <span name="accesstime">time</span>
-                </td>
-            </tr>
-        </tbody>
-        </table>
-        </span>
-    </span>
-</div>
-</body>
-</html>
\ No newline at end of file
diff --git a/install/static/layouts/default/hbac-details-general.html b/install/static/layouts/default/hbac-details-general.html
deleted file mode 100755
index 978369090..000000000
--- a/install/static/layouts/default/hbac-details-general.html
+++ /dev/null
@@ -1,57 +0,0 @@
-<html>
-<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-    <title>General</title>
-
-    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
-    <link rel="stylesheet" type="text/css" href="ipa.css" />
-</head>
-<body>
-<div id="contents">
-    <table style="width: 100%; border: 0 solid black;">
-    <tr>
-        <td style="width: 100px; text-align: right;">
-            Name:
-        </td>
-        <td>
-            <span name="cn">
-                <input type="text" name="cn" size="30"/>
-                <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
-            </span>
-        </td>
-        <td style="text-align: right;">
-            Rule type:
-            <span name="accessruletype">
-                <input type="radio" name="accessruletype" value="allow"/>Allow
-                <input type="radio" name="accessruletype" value="deny"/>Deny
-                <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
-            </span>
-        </td>
-    </tr>
-    <tr>
-        <td style="text-align: right; vertical-align: top;">
-            Description:
-        </td>
-        <td colspan="2">
-            <span name="description">
-                <textarea name="description" rows="5" style="width: 100%;" cols="40"></textarea>
-                <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
-            </span>
-        </td>
-    </tr>
-    <tr>
-        <td style="text-align: right; vertical-align: top;">
-            Rule status:
-        </td>
-        <td colspan="2">
-            <span name="ipaenabledflag">
-                <input type="radio" name="ipaenabledflag" value="TRUE"/>Active
-                <input type="radio" name="ipaenabledflag" value="FALSE"/>Inactive
-                <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
-            </span>
-        </td>
-    </tr>
-    </table>
-</div>
-</body>
-</html>
diff --git a/install/static/layouts/default/hbac-details-host.html b/install/static/layouts/default/hbac-details-host.html
deleted file mode 100755
index 1ba386dab..000000000
--- a/install/static/layouts/default/hbac-details-host.html
+++ /dev/null
@@ -1,78 +0,0 @@
-<html>
-<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-    <title>Accessing</title>
-
-    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
-    <link rel="stylesheet" type="text/css" href="ipa.css" />
-</head>
-<body>
-<div id="contents">
-    Rule applies when access is requested to:
-    <span name="hostcategory">
-        <input type="radio" name="hostcategory" value="all"/>Any Host
-        <input type="radio" name="hostcategory" value=""/>Specified Hosts and Groups
-        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
-    </span>
-    <br/>
-
-    <span name="memberhost_host">
-    <table class="search-table">
-    <thead>
-        <tr>
-            <th style="width: 25px;">
-                <input type="checkbox" name="select"/>
-            </th>
-            <th>
-                <span style="float: left;">Host</span>
-                <span name="buttons" style="float: right;">
-                    <input type="button" name="remove" value="Remove Hosts"/>
-                    <input type="button" name="add" value="Add Hosts"/>
-                </span>
-            </th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td>
-                <input type="checkbox" name="select" value="host"/>
-            </td>
-            <td>
-                <span name="memberhost_host">host</span>
-            </td>
-        </tr>
-    </tbody>
-    </table>
-    </span>
-
-    <span name="memberhost_hostgroup">
-    <table class="search-table">
-    <thead>
-        <tr>
-            <th style="width: 25px;">
-                <input type="checkbox" name="select"/>
-            </th>
-            <th>
-                <span style="float: left;">Host Group</span>
-                <span name="buttons" style="float: right;">
-                    <input type="button" name="remove" value="Remove Host Groups"/>
-                    <input type="button" name="add" value="Add Host Groups"/>
-                </span>
-            </th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td>
-                <input type="checkbox" name="select" value="hostgroups"/>
-            </td>
-            <td>
-                <span name="memberhost_hostgroup">hostgroups</span>
-            </td>
-        </tr>
-    </tbody>
-    </table>
-    </span>
-</div>
-</body>
-</html>
\ No newline at end of file
diff --git a/install/static/layouts/default/hbac-details-service.html b/install/static/layouts/default/hbac-details-service.html
deleted file mode 100755
index 77e8420d3..000000000
--- a/install/static/layouts/default/hbac-details-service.html
+++ /dev/null
@@ -1,78 +0,0 @@
-<html>
-<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-    <title>Via Service</title>
-
-    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
-    <link rel="stylesheet" type="text/css" href="ipa.css" />
-</head>
-<body>
-<div id="contents">
-    Rule applies when access is requested via:
-    <span name="servicecategory">
-        <input type="radio" name="servicecategory" value="all"/>Any Service
-        <input type="radio" name="servicecategory" value=""/>Specified Services and Groups
-        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
-    </span>
-    <br/>
-
-    <span name="memberservice_hbacsvc">
-    <table class="search-table">
-    <thead>
-        <tr>
-            <th style="width: 25px;">
-                <input type="checkbox" name="select"/>
-            </th>
-            <th>
-                <span style="float: left;">Service</span>
-                <span name="buttons" style="float: right;">
-                    <input type="button" name="remove" value="Remove Services"/>
-                    <input type="button" name="add" value="Add Services"/>
-                </span>
-            </th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td>
-                <input type="checkbox" name="select" value="service"/>
-            </td>
-            <td>
-                <span name="memberservice_hbacsvc">service</span>
-            </td>
-        </tr>
-    </tbody>
-    </table>
-    </span>
-
-    <span name="memberservice_hbacsvcgroup">
-    <table class="search-table">
-    <thead>
-        <tr>
-            <th style="width: 25px;">
-                <input type="checkbox" name="select"/>
-            </th>
-            <th>
-                <span style="float: left;">Service Group</span>
-                <span name="buttons" style="float: right;">
-                    <input type="button" name="remove" value="Remove Service Groups"/>
-                    <input type="button" name="add" value="Add Service Groups"/>
-                </span>
-            </th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td>
-                <input type="checkbox" name="select" value="services"/>
-            </td>
-            <td>
-                <span name="memberservice_hbacsvcgroup">services</span>
-            </td>
-        </tr>
-    </tbody>
-    </table>
-    </span>
-</div>
-</body>
-</html>
\ No newline at end of file
diff --git a/install/static/layouts/default/hbac-details-sourcehost.html b/install/static/layouts/default/hbac-details-sourcehost.html
deleted file mode 100755
index aae1ef380..000000000
--- a/install/static/layouts/default/hbac-details-sourcehost.html
+++ /dev/null
@@ -1,78 +0,0 @@
-<html>
-<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-    <title>From</title>
-
-    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
-    <link rel="stylesheet" type="text/css" href="ipa.css" />
-</head>
-<body>
-<div id="contents">
-    Rule applies when access is being initiated from:
-    <span name="sourcehostcategory">
-        <input type="radio" name="sourcehostcategory" value="all"/>Any Host
-        <input type="radio" name="sourcehostcategory" value=""/>Specified Hosts and Groups
-        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
-    </span>
-    <br/>
-
-    <span name="sourcehost_host">
-    <table class="search-table">
-    <thead>
-        <tr>
-            <th style="width: 25px;">
-                <input type="checkbox" name="select"/>
-            </th>
-            <th>
-                <span style="float: left;">Host</span>
-                <span name="buttons" style="float: right;">
-                    <input type="button" name="remove" value="Remove Hosts"/>
-                    <input type="button" name="add" value="Add Hosts"/>
-                </span>
-            </th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td>
-                <input type="checkbox" name="select" value="host"/>
-            </td>
-            <td>
-                <span name="sourcehost_host">host</span>
-            </td>
-        </tr>
-    </tbody>
-    </table>
-    </span>
-
-    <span name="sourcehost_hostgroup">
-    <table class="search-table">
-    <thead>
-        <tr>
-            <th style="width: 25px;">
-                <input type="checkbox" name="select"/>
-            </th>
-            <th>
-                <span style="float: left;">Host Group</span>
-                <span name="buttons" style="float: right;">
-                    <input type="button" name="remove" value="Remove Host Groups"/>
-                    <input type="button" name="add" value="Add Host Groups"/>
-                </span>
-            </th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td>
-                <input type="checkbox" name="select" value="hosts"/>
-            </td>
-            <td>
-                <span name="sourcehost_hostgroup">hosts</span>
-            </td>
-        </tr>
-    </tbody>
-    </table>
-    </span>
-</div>
-</body>
-</html>
\ No newline at end of file
diff --git a/install/static/layouts/default/hbac-details-user.html b/install/static/layouts/default/hbac-details-user.html
deleted file mode 100755
index 1b58848fe..000000000
--- a/install/static/layouts/default/hbac-details-user.html
+++ /dev/null
@@ -1,78 +0,0 @@
-<html>
-<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-    <title>Who</title>
-
-    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
-    <link rel="stylesheet" type="text/css" href="ipa.css" />
-</head>
-<body>
-<div id="contents">
-    Rule applies when access is requested by:
-    <span name="usercategory">
-        <input type="radio" name="usercategory" value="all"/>Anyone
-        <input type="radio" name="usercategory" value=""/>Specified Users and Groups
-        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
-    </span>
-    <br/>
-
-    <span name="memberuser_user">
-    <table class="search-table">
-    <thead>
-        <tr>
-            <th style="width: 25px;">
-                <input type="checkbox" name="select"/>
-            </th>
-            <th>
-                <span style="float: left;">User</span>
-                <span name="buttons" style="float: right;">
-                    <input type="button" name="remove" value="Remove Users"/>
-                    <input type="button" name="add" value="Add Users"/>
-                </span>
-            </th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td>
-                <input type="checkbox" name="select" value="user"/>
-            </td>
-            <td>
-                <span name="memberuser_user">user</span>
-            </td>
-        </tr>
-    </tbody>
-    </table>
-    </span>
-
-    <span name="memberuser_group">
-    <table class="search-table">
-    <thead>
-        <tr>
-            <th style="width: 25px;">
-                <input type="checkbox" name="select"/>
-            </th>
-            <th>
-                <span style="float: left;">User Group</span>
-                <span name="buttons" style="float: right;">
-                    <input type="button" name="remove" value="Remove User Groups"/>
-                    <input type="button" name="add" value="Add User Groups"/>
-                </span>
-            </th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td>
-                <input type="checkbox" name="select" value="users"/>
-            </td>
-            <td>
-                <span name="memberuser_group">users</span>
-            </td>
-        </tr>
-    </tbody>
-    </table>
-    </span>
-</div>
-</body>
-</html>
\ No newline at end of file
diff --git a/install/static/layouts/default/hbacrule-details-accesstime.html b/install/static/layouts/default/hbacrule-details-accesstime.html
new file mode 100755
index 000000000..8d5e258b3
--- /dev/null
+++ b/install/static/layouts/default/hbacrule-details-accesstime.html
@@ -0,0 +1,49 @@
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>When</title>
+
+    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
+    <link rel="stylesheet" type="text/css" href="ipa.css" />
+</head>
+<body>
+<div id="contents">
+    <span name="accesstime">
+        <span name="text">Rule applies when access is being requested at:</span>
+        <input type="radio" name="accesstime" value="all"/>Any Time
+        <input type="radio" name="accesstime" value=""/>Specified Times
+        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
+        <br/>
+
+        <span name="table">
+        <table class="search-table">
+        <thead>
+            <tr>
+                <th style="width: 25px;">
+                    <input type="checkbox" name="select"/>
+                </th>
+                <th>
+                    <span style="float: left;">Access Time</span>
+                    <span name="buttons" style="float: right;">
+                        <input type="button" name="remove" value="Remove Access Times"/>
+                        <input type="button" name="add" value="Add Access Times"/>
+                    </span>
+                </th>
+            </tr>
+        </thead>
+        <tbody>
+            <tr>
+                <td>
+                    <input type="checkbox" name="select" value="time"/>
+                </td>
+                <td>
+                    <span name="accesstime">time</span>
+                </td>
+            </tr>
+        </tbody>
+        </table>
+        </span>
+    </span>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/install/static/layouts/default/hbacrule-details-general.html b/install/static/layouts/default/hbacrule-details-general.html
new file mode 100755
index 000000000..978369090
--- /dev/null
+++ b/install/static/layouts/default/hbacrule-details-general.html
@@ -0,0 +1,57 @@
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>General</title>
+
+    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
+    <link rel="stylesheet" type="text/css" href="ipa.css" />
+</head>
+<body>
+<div id="contents">
+    <table style="width: 100%; border: 0 solid black;">
+    <tr>
+        <td style="width: 100px; text-align: right;">
+            Name:
+        </td>
+        <td>
+            <span name="cn">
+                <input type="text" name="cn" size="30"/>
+                <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
+            </span>
+        </td>
+        <td style="text-align: right;">
+            Rule type:
+            <span name="accessruletype">
+                <input type="radio" name="accessruletype" value="allow"/>Allow
+                <input type="radio" name="accessruletype" value="deny"/>Deny
+                <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
+            </span>
+        </td>
+    </tr>
+    <tr>
+        <td style="text-align: right; vertical-align: top;">
+            Description:
+        </td>
+        <td colspan="2">
+            <span name="description">
+                <textarea name="description" rows="5" style="width: 100%;" cols="40"></textarea>
+                <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
+            </span>
+        </td>
+    </tr>
+    <tr>
+        <td style="text-align: right; vertical-align: top;">
+            Rule status:
+        </td>
+        <td colspan="2">
+            <span name="ipaenabledflag">
+                <input type="radio" name="ipaenabledflag" value="TRUE"/>Active
+                <input type="radio" name="ipaenabledflag" value="FALSE"/>Inactive
+                <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
+            </span>
+        </td>
+    </tr>
+    </table>
+</div>
+</body>
+</html>
diff --git a/install/static/layouts/default/hbacrule-details-host.html b/install/static/layouts/default/hbacrule-details-host.html
new file mode 100755
index 000000000..1ba386dab
--- /dev/null
+++ b/install/static/layouts/default/hbacrule-details-host.html
@@ -0,0 +1,78 @@
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>Accessing</title>
+
+    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
+    <link rel="stylesheet" type="text/css" href="ipa.css" />
+</head>
+<body>
+<div id="contents">
+    Rule applies when access is requested to:
+    <span name="hostcategory">
+        <input type="radio" name="hostcategory" value="all"/>Any Host
+        <input type="radio" name="hostcategory" value=""/>Specified Hosts and Groups
+        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
+    </span>
+    <br/>
+
+    <span name="memberhost_host">
+    <table class="search-table">
+    <thead>
+        <tr>
+            <th style="width: 25px;">
+                <input type="checkbox" name="select"/>
+            </th>
+            <th>
+                <span style="float: left;">Host</span>
+                <span name="buttons" style="float: right;">
+                    <input type="button" name="remove" value="Remove Hosts"/>
+                    <input type="button" name="add" value="Add Hosts"/>
+                </span>
+            </th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>
+                <input type="checkbox" name="select" value="host"/>
+            </td>
+            <td>
+                <span name="memberhost_host">host</span>
+            </td>
+        </tr>
+    </tbody>
+    </table>
+    </span>
+
+    <span name="memberhost_hostgroup">
+    <table class="search-table">
+    <thead>
+        <tr>
+            <th style="width: 25px;">
+                <input type="checkbox" name="select"/>
+            </th>
+            <th>
+                <span style="float: left;">Host Group</span>
+                <span name="buttons" style="float: right;">
+                    <input type="button" name="remove" value="Remove Host Groups"/>
+                    <input type="button" name="add" value="Add Host Groups"/>
+                </span>
+            </th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>
+                <input type="checkbox" name="select" value="hostgroups"/>
+            </td>
+            <td>
+                <span name="memberhost_hostgroup">hostgroups</span>
+            </td>
+        </tr>
+    </tbody>
+    </table>
+    </span>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/install/static/layouts/default/hbacrule-details-service.html b/install/static/layouts/default/hbacrule-details-service.html
new file mode 100755
index 000000000..77e8420d3
--- /dev/null
+++ b/install/static/layouts/default/hbacrule-details-service.html
@@ -0,0 +1,78 @@
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>Via Service</title>
+
+    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
+    <link rel="stylesheet" type="text/css" href="ipa.css" />
+</head>
+<body>
+<div id="contents">
+    Rule applies when access is requested via:
+    <span name="servicecategory">
+        <input type="radio" name="servicecategory" value="all"/>Any Service
+        <input type="radio" name="servicecategory" value=""/>Specified Services and Groups
+        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
+    </span>
+    <br/>
+
+    <span name="memberservice_hbacsvc">
+    <table class="search-table">
+    <thead>
+        <tr>
+            <th style="width: 25px;">
+                <input type="checkbox" name="select"/>
+            </th>
+            <th>
+                <span style="float: left;">Service</span>
+                <span name="buttons" style="float: right;">
+                    <input type="button" name="remove" value="Remove Services"/>
+                    <input type="button" name="add" value="Add Services"/>
+                </span>
+            </th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>
+                <input type="checkbox" name="select" value="service"/>
+            </td>
+            <td>
+                <span name="memberservice_hbacsvc">service</span>
+            </td>
+        </tr>
+    </tbody>
+    </table>
+    </span>
+
+    <span name="memberservice_hbacsvcgroup">
+    <table class="search-table">
+    <thead>
+        <tr>
+            <th style="width: 25px;">
+                <input type="checkbox" name="select"/>
+            </th>
+            <th>
+                <span style="float: left;">Service Group</span>
+                <span name="buttons" style="float: right;">
+                    <input type="button" name="remove" value="Remove Service Groups"/>
+                    <input type="button" name="add" value="Add Service Groups"/>
+                </span>
+            </th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>
+                <input type="checkbox" name="select" value="services"/>
+            </td>
+            <td>
+                <span name="memberservice_hbacsvcgroup">services</span>
+            </td>
+        </tr>
+    </tbody>
+    </table>
+    </span>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/install/static/layouts/default/hbacrule-details-sourcehost.html b/install/static/layouts/default/hbacrule-details-sourcehost.html
new file mode 100755
index 000000000..aae1ef380
--- /dev/null
+++ b/install/static/layouts/default/hbacrule-details-sourcehost.html
@@ -0,0 +1,78 @@
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>From</title>
+
+    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
+    <link rel="stylesheet" type="text/css" href="ipa.css" />
+</head>
+<body>
+<div id="contents">
+    Rule applies when access is being initiated from:
+    <span name="sourcehostcategory">
+        <input type="radio" name="sourcehostcategory" value="all"/>Any Host
+        <input type="radio" name="sourcehostcategory" value=""/>Specified Hosts and Groups
+        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
+    </span>
+    <br/>
+
+    <span name="sourcehost_host">
+    <table class="search-table">
+    <thead>
+        <tr>
+            <th style="width: 25px;">
+                <input type="checkbox" name="select"/>
+            </th>
+            <th>
+                <span style="float: left;">Host</span>
+                <span name="buttons" style="float: right;">
+                    <input type="button" name="remove" value="Remove Hosts"/>
+                    <input type="button" name="add" value="Add Hosts"/>
+                </span>
+            </th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>
+                <input type="checkbox" name="select" value="host"/>
+            </td>
+            <td>
+                <span name="sourcehost_host">host</span>
+            </td>
+        </tr>
+    </tbody>
+    </table>
+    </span>
+
+    <span name="sourcehost_hostgroup">
+    <table class="search-table">
+    <thead>
+        <tr>
+            <th style="width: 25px;">
+                <input type="checkbox" name="select"/>
+            </th>
+            <th>
+                <span style="float: left;">Host Group</span>
+                <span name="buttons" style="float: right;">
+                    <input type="button" name="remove" value="Remove Host Groups"/>
+                    <input type="button" name="add" value="Add Host Groups"/>
+                </span>
+            </th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>
+                <input type="checkbox" name="select" value="hosts"/>
+            </td>
+            <td>
+                <span name="sourcehost_hostgroup">hosts</span>
+            </td>
+        </tr>
+    </tbody>
+    </table>
+    </span>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/install/static/layouts/default/hbacrule-details-user.html b/install/static/layouts/default/hbacrule-details-user.html
new file mode 100755
index 000000000..1b58848fe
--- /dev/null
+++ b/install/static/layouts/default/hbacrule-details-user.html
@@ -0,0 +1,78 @@
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>Who</title>
+
+    <link rel="stylesheet" type="text/css" href="jquery-ui.css" />
+    <link rel="stylesheet" type="text/css" href="ipa.css" />
+</head>
+<body>
+<div id="contents">
+    Rule applies when access is requested by:
+    <span name="usercategory">
+        <input type="radio" name="usercategory" value="all"/>Anyone
+        <input type="radio" name="usercategory" value=""/>Specified Users and Groups
+        <span name="undo" class="ui-state-highlight ui-corner-all" style="display: none;">undo</span>
+    </span>
+    <br/>
+
+    <span name="memberuser_user">
+    <table class="search-table">
+    <thead>
+        <tr>
+            <th style="width: 25px;">
+                <input type="checkbox" name="select"/>
+            </th>
+            <th>
+                <span style="float: left;">User</span>
+                <span name="buttons" style="float: right;">
+                    <input type="button" name="remove" value="Remove Users"/>
+                    <input type="button" name="add" value="Add Users"/>
+                </span>
+            </th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>
+                <input type="checkbox" name="select" value="user"/>
+            </td>
+            <td>
+                <span name="memberuser_user">user</span>
+            </td>
+        </tr>
+    </tbody>
+    </table>
+    </span>
+
+    <span name="memberuser_group">
+    <table class="search-table">
+    <thead>
+        <tr>
+            <th style="width: 25px;">
+                <input type="checkbox" name="select"/>
+            </th>
+            <th>
+                <span style="float: left;">User Group</span>
+                <span name="buttons" style="float: right;">
+                    <input type="button" name="remove" value="Remove User Groups"/>
+                    <input type="button" name="add" value="Add User Groups"/>
+                </span>
+            </th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>
+                <input type="checkbox" name="select" value="users"/>
+            </td>
+            <td>
+                <span name="memberuser_group">users</span>
+            </td>
+        </tr>
+    </tbody>
+    </table>
+    </span>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/install/static/test/data/hbac_add.json b/install/static/test/data/hbac_add.json
deleted file mode 100644
index 2a5d251bf..000000000
--- a/install/static/test/data/hbac_add.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=f3e69e82-e3b411df-bfde9b13-2b28c216,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "ipauniqueid": [
-                "f3e69e82-e3b411df-bfde9b13-2b28c216"
-            ],
-            "objectclass": [
-                "ipaassociation",
-                "ipahbacrule"
-            ]
-        },
-        "summary": null,
-        "value": "test"
-    }
-}
\ No newline at end of file
diff --git a/install/static/test/data/hbac_add_accesstime.json b/install/static/test/data/hbac_add_accesstime.json
deleted file mode 100644
index 3c631155b..000000000
--- a/install/static/test/data/hbac_add_accesstime.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "result": true
-    }
-}
diff --git a/install/static/test/data/hbac_add_host.json b/install/static/test/data/hbac_add_host.json
deleted file mode 100644
index 038d6aea4..000000000
--- a/install/static/test/data/hbac_add_host.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "completed": 2,
-        "failed": {
-            "memberhost": {
-                "host": [],
-                "hostgroup": []
-            }
-        },
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "accesstime": [
-                "periodic daily 0800-1400",
-                "absolute 201012161032 ~ 201012161033"
-            ],
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "memberhost_host": [
-                "dev.example.com"
-            ],
-            "memberhost_hostgroup": [
-                "production"
-            ],
-            "memberservice_hbacsvc": [
-                "ftp",
-                "sshd"
-            ],
-            "memberservice_hbacsvcgroup": [
-                "sudo"
-            ],
-            "memberuser_group": [
-                "admins",
-                "editors"
-            ],
-            "memberuser_user": [
-                "admin",
-                "test"
-            ],
-            "sourcehost_host": [
-                "dev.example.com"
-            ],
-            "sourcehost_hostgroup": [
-                "staging"
-            ]
-        }
-    }
-}
diff --git a/install/static/test/data/hbac_add_service.json b/install/static/test/data/hbac_add_service.json
deleted file mode 100644
index c658fe8b5..000000000
--- a/install/static/test/data/hbac_add_service.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "completed": 3,
-        "failed": {
-            "memberservice": {
-                "hbacsvc": [],
-                "hbacsvcgroup": []
-            }
-        },
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "accesstime": [
-                "periodic daily 0800-1400",
-                "absolute 201012161032 ~ 201012161033"
-            ],
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "memberhost_host": [
-                "dev.example.com"
-            ],
-            "memberhost_hostgroup": [
-                "production"
-            ],
-            "memberservice_hbacsvc": [
-                "ftp",
-                "sshd"
-            ],
-            "memberservice_hbacsvcgroup": [
-                "sudo"
-            ],
-            "memberuser_group": [
-                "admins",
-                "editors"
-            ],
-            "memberuser_user": [
-                "admin",
-                "test"
-            ],
-            "sourcehost_host": [
-                "dev.example.com"
-            ],
-            "sourcehost_hostgroup": [
-                "staging"
-            ]
-        }
-    }
-}
diff --git a/install/static/test/data/hbac_add_sourcehost.json b/install/static/test/data/hbac_add_sourcehost.json
deleted file mode 100644
index a657207f5..000000000
--- a/install/static/test/data/hbac_add_sourcehost.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "completed": 2,
-        "failed": {
-            "sourcehost": {
-                "host": [],
-                "hostgroup": []
-            }
-        },
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "accesstime": [
-                "periodic daily 0800-1400",
-                "absolute 201012161032 ~ 201012161033"
-            ],
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "memberhost_host": [
-                "dev.example.com"
-            ],
-            "memberhost_hostgroup": [
-                "production"
-            ],
-            "memberservice_hbacsvc": [
-                "ftp",
-                "sshd"
-            ],
-            "memberservice_hbacsvcgroup": [
-                "sudo"
-            ],
-            "memberuser_group": [
-                "admins",
-                "editors"
-            ],
-            "memberuser_user": [
-                "admin",
-                "test"
-            ],
-            "sourcehost_host": [
-                "dev.example.com"
-            ],
-            "sourcehost_hostgroup": [
-                "staging"
-            ]
-        }
-    }
-}
diff --git a/install/static/test/data/hbac_add_user.json b/install/static/test/data/hbac_add_user.json
deleted file mode 100644
index 0c4c976e4..000000000
--- a/install/static/test/data/hbac_add_user.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "completed": 3,
-        "failed": {
-            "memberuser": {
-                "group": [],
-                "user": []
-            }
-        },
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "accesstime": [
-                "periodic daily 0800-1400",
-                "absolute 201012161032 ~ 201012161033"
-            ],
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "memberhost_host": [
-                "dev.example.com"
-            ],
-            "memberhost_hostgroup": [
-                "production"
-            ],
-            "memberservice_hbacsvc": [
-                "ftp",
-                "sshd"
-            ],
-            "memberservice_hbacsvcgroup": [
-                "sudo"
-            ],
-            "memberuser_group": [
-                "admins",
-                "editors"
-            ],
-            "memberuser_user": [
-                "admin",
-                "test"
-            ],
-            "sourcehost_host": [
-                "dev.example.com"
-            ],
-            "sourcehost_hostgroup": [
-                "staging"
-            ]
-        }
-    }
-}
diff --git a/install/static/test/data/hbac_del.json b/install/static/test/data/hbac_del.json
deleted file mode 100644
index 2197a12c2..000000000
--- a/install/static/test/data/hbac_del.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "result": true,
-        "summary": null,
-        "value": "test"
-    }
-}
\ No newline at end of file
diff --git a/install/static/test/data/hbac_find.json b/install/static/test/data/hbac_find.json
deleted file mode 100644
index fd95d9f57..000000000
--- a/install/static/test/data/hbac_find.json
+++ /dev/null
@@ -1,54 +0,0 @@
-{
-    "error": null, 
-    "id": 0,
-    "result": {
-        "count": 2,
-        "result": [
-            {
-                "accessruletype": [
-                    "allow"
-                ], 
-                "cn": [
-                    "allow_all"
-                ], 
-                "description": [
-                    "Allow all users to access any host from any host"
-                ], 
-                "dn": "ipauniqueid=b7567b5a-e39311df-bfde9b13-2b28c216,cn=hbac,dc=dev,dc=example,dc=com",
-                "hostcategory": [
-                    "all"
-                ], 
-                "ipaenabledflag": [
-                    "TRUE"
-                ], 
-                "servicecategory": [
-                    "all"
-                ], 
-                "sourcehostcategory": [
-                    "all"
-                ], 
-                "usercategory": [
-                    "all"
-                ]
-            },
-            {
-                "accessruletype": [
-                    "allow"
-                ],
-                "accesstime": [
-                    "periodic daily 0800-1400",
-                    "absolute 201012161032 ~ 201012161033"
-                ],
-                "cn": [
-                    "test"
-                ],
-                "dn": "ipauniqueid=3b6d2a82-e3b511df-bfde9b13-2b28c216,cn=hbac,dc=dev,dc=example,dc=com",
-                "ipaenabledflag": [
-                    "TRUE"
-                ]
-            }
-        ], 
-        "summary": null, 
-        "truncated": false
-    }
-}
diff --git a/install/static/test/data/hbac_mod.json b/install/static/test/data/hbac_mod.json
deleted file mode 100644
index ea2b4d1e8..000000000
--- a/install/static/test/data/hbac_mod.json
+++ /dev/null
@@ -1,60 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "attributelevelrights": {
-                "accessruletype": "rscwo",
-                "accesstime": "rscwo",
-                "aci": "rscwo",
-                "cn": "rscwo",
-                "description": "rscwo",
-                "externalhost": "rscwo",
-                "hostcategory": "rscwo",
-                "ipaenabledflag": "rscwo",
-                "ipauniqueid": "rsc",
-                "memberhost": "rscwo",
-                "memberservice": "rscwo",
-                "memberuser": "rscwo",
-                "nsaccountlock": "rscwo",
-                "servicecategory": "rscwo",
-                "sourcehost": "rscwo",
-                "sourcehostcategory": "rscwo",
-                "usercategory": "rscwo"
-            },
-            "cn": [
-                "test"
-            ],
-            "description": [
-                "Test HBAC rule."
-            ],
-            "hostcategory": [
-                "all"
-            ],
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "ipauniqueid": [
-                "4ed8b682-edf511df-b3f78f4b-11cc007b"
-            ],
-            "objectclass": [
-                "ipaassociation",
-                "ipahbacrule"
-            ],
-            "servicecategory": [
-                "all"
-            ],
-            "sourcehostcategory": [
-                "all"
-            ],
-            "usercategory": [
-                "all"
-            ]
-        },
-        "summary": null,
-        "value": "test"
-    }
-}
diff --git a/install/static/test/data/hbac_remove_accesstime.json b/install/static/test/data/hbac_remove_accesstime.json
deleted file mode 100644
index 3c631155b..000000000
--- a/install/static/test/data/hbac_remove_accesstime.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "result": true
-    }
-}
diff --git a/install/static/test/data/hbac_remove_host.json b/install/static/test/data/hbac_remove_host.json
deleted file mode 100644
index 02f56ecd6..000000000
--- a/install/static/test/data/hbac_remove_host.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "completed": 2,
-        "failed": {
-            "memberhost": {
-                "host": [],
-                "hostgroup": []
-            }
-        },
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "accesstime": [
-                "periodic daily 0800-1400",
-                "absolute 201012161032 ~ 201012161033"
-            ],
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "memberservice_hbacsvc": [
-                "ftp",
-                "sshd"
-            ],
-            "memberservice_hbacsvcgroup": [
-                "sudo"
-            ],
-            "memberuser_group": [
-                "admins",
-                "editors"
-            ],
-            "memberuser_user": [
-                "admin",
-                "test"
-            ],
-            "sourcehost_host": [
-                "dev.example.com"
-            ],
-            "sourcehost_hostgroup": [
-                "staging"
-            ]
-        }
-    }
-}
diff --git a/install/static/test/data/hbac_remove_service.json b/install/static/test/data/hbac_remove_service.json
deleted file mode 100644
index f8b6b51a5..000000000
--- a/install/static/test/data/hbac_remove_service.json
+++ /dev/null
@@ -1,49 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "completed": 3,
-        "failed": {
-            "memberservice": {
-                "hbacsvc": [],
-                "hbacsvcgroup": []
-            }
-        },
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "accesstime": [
-                "periodic daily 0800-1400",
-                "absolute 201012161032 ~ 201012161033"
-            ],
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "memberhost_host": [
-                "dev.example.com"
-            ],
-            "memberhost_hostgroup": [
-                "production"
-            ],
-            "memberuser_group": [
-                "admins",
-                "editors"
-            ],
-            "memberuser_user": [
-                "admin",
-                "test"
-            ],
-            "sourcehost_host": [
-                "dev.example.com"
-            ],
-            "sourcehost_hostgroup": [
-                "staging"
-            ]
-        }
-    }
-}
diff --git a/install/static/test/data/hbac_remove_sourcehost.json b/install/static/test/data/hbac_remove_sourcehost.json
deleted file mode 100644
index da32f76e0..000000000
--- a/install/static/test/data/hbac_remove_sourcehost.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "completed": 2,
-        "failed": {
-            "sourcehost": {
-                "host": [],
-                "hostgroup": []
-            }
-        },
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "accesstime": [
-                "periodic daily 0800-1400",
-                "absolute 201012161032 ~ 201012161033"
-            ],
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "memberhost_host": [
-                "dev.example.com"
-            ],
-            "memberhost_hostgroup": [
-                "production"
-            ],
-            "memberservice_hbacsvc": [
-                "ftp",
-                "sshd"
-            ],
-            "memberservice_hbacsvcgroup": [
-                "sudo"
-            ],
-            "memberuser_group": [
-                "admins",
-                "editors"
-            ],
-            "memberuser_user": [
-                "admin",
-                "test"
-            ]
-        }
-    }
-}
diff --git a/install/static/test/data/hbac_remove_user.json b/install/static/test/data/hbac_remove_user.json
deleted file mode 100644
index f25317e83..000000000
--- a/install/static/test/data/hbac_remove_user.json
+++ /dev/null
@@ -1,48 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "completed": 3,
-        "failed": {
-            "memberuser": {
-                "group": [],
-                "user": []
-            }
-        },
-        "result": {
-            "accessruletype": [
-                "allow"
-            ],
-            "accesstime": [
-                "periodic daily 0800-1400",
-                "absolute 201012161032 ~ 201012161033"
-            ],
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "memberhost_host": [
-                "dev.example.com"
-            ],
-            "memberhost_hostgroup": [
-                "production"
-            ],
-            "memberservice_hbacsvc": [
-                "ftp",
-                "sshd"
-            ],
-            "memberservice_hbacsvcgroup": [
-                "sudo"
-            ],
-            "sourcehost_host": [
-                "dev.example.com"
-            ],
-            "sourcehost_hostgroup": [
-                "staging"
-            ]
-        }
-    }
-}
diff --git a/install/static/test/data/hbac_show.json b/install/static/test/data/hbac_show.json
deleted file mode 100644
index 2c0b64b39..000000000
--- a/install/static/test/data/hbac_show.json
+++ /dev/null
@@ -1,76 +0,0 @@
-{
-    "error": null,
-    "id": 0,
-    "result": {
-        "result": {
-            "accessruletype": [
-                "deny"
-            ],
-            "accesstime": [
-                "periodic daily 0800-1400",
-                "absolute 201012161032 ~ 201012161033"
-            ],
-            "attributelevelrights": {
-                "accessruletype": "rscwo",
-                "accesstime": "rscwo",
-                "aci": "rscwo",
-                "cn": "rscwo",
-                "description": "rscwo",
-                "externalhost": "rscwo",
-                "hostcategory": "rscwo",
-                "ipaenabledflag": "rscwo",
-                "ipauniqueid": "rsc",
-                "memberhost": "rscwo",
-                "memberservice": "rscwo",
-                "memberuser": "rscwo",
-                "nsaccountlock": "rscwo",
-                "servicecategory": "rscwo",
-                "sourcehost": "rscwo",
-                "sourcehostcategory": "rscwo",
-                "usercategory": "rscwo"
-            },
-            "cn": [
-                "test"
-            ],
-            "dn": "ipauniqueid=4ed8b682-edf511df-b3f78f4b-11cc007b,cn=hbac,dc=dev,dc=example,dc=com",
-            "ipaenabledflag": [
-                "TRUE"
-            ],
-            "ipauniqueid": [
-                "4ed8b682-edf511df-b3f78f4b-11cc007b"
-            ],
-            "memberhost_host": [
-                "dev.example.com"
-            ],
-            "memberhost_hostgroup": [
-                "production"
-            ],
-            "memberservice_hbacsvc": [
-                "ftp",
-                "sshd"
-            ],
-            "memberservice_hbacsvcgroup": [
-                "sudo"
-            ],
-            "memberuser_group": [
-                "editors"
-            ],
-            "memberuser_user": [
-                "admin",
-                "test"
-            ],
-            "objectclass": [
-                "ipaassociation",
-                "ipahbacrule"
-            ],
-            "sourcehost_host": [
-                "dev.example.com"
-            ],
-            "sourcehost_hostgroup": [
-                "staging"
-            ]
-        },
-        "summary": null,
-        "value": "test"
-    }
-}
diff --git a/install/static/test/data/hbacrule_add.json b/install/static/test/data/hbacrule_add.json
new file mode 100644
index 000000000..2a5d251bf
--- /dev/null
+++ b/install/static/test/data/hbacrule_add.json
@@ -0,0 +1,27 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=f3e69e82-e3b411df-bfde9b13-2b28c216,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "ipauniqueid": [
+                "f3e69e82-e3b411df-bfde9b13-2b28c216"
+            ],
+            "objectclass": [
+                "ipaassociation",
+                "ipahbacrule"
+            ]
+        },
+        "summary": null,
+        "value": "test"
+    }
+}
\ No newline at end of file
diff --git a/install/static/test/data/hbacrule_add_accesstime.json b/install/static/test/data/hbacrule_add_accesstime.json
new file mode 100644
index 000000000..3c631155b
--- /dev/null
+++ b/install/static/test/data/hbacrule_add_accesstime.json
@@ -0,0 +1,7 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "result": true
+    }
+}
diff --git a/install/static/test/data/hbacrule_add_host.json b/install/static/test/data/hbacrule_add_host.json
new file mode 100644
index 000000000..038d6aea4
--- /dev/null
+++ b/install/static/test/data/hbacrule_add_host.json
@@ -0,0 +1,56 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "completed": 2,
+        "failed": {
+            "memberhost": {
+                "host": [],
+                "hostgroup": []
+            }
+        },
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "accesstime": [
+                "periodic daily 0800-1400",
+                "absolute 201012161032 ~ 201012161033"
+            ],
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "memberhost_host": [
+                "dev.example.com"
+            ],
+            "memberhost_hostgroup": [
+                "production"
+            ],
+            "memberservice_hbacsvc": [
+                "ftp",
+                "sshd"
+            ],
+            "memberservice_hbacsvcgroup": [
+                "sudo"
+            ],
+            "memberuser_group": [
+                "admins",
+                "editors"
+            ],
+            "memberuser_user": [
+                "admin",
+                "test"
+            ],
+            "sourcehost_host": [
+                "dev.example.com"
+            ],
+            "sourcehost_hostgroup": [
+                "staging"
+            ]
+        }
+    }
+}
diff --git a/install/static/test/data/hbacrule_add_service.json b/install/static/test/data/hbacrule_add_service.json
new file mode 100644
index 000000000..c658fe8b5
--- /dev/null
+++ b/install/static/test/data/hbacrule_add_service.json
@@ -0,0 +1,56 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "completed": 3,
+        "failed": {
+            "memberservice": {
+                "hbacsvc": [],
+                "hbacsvcgroup": []
+            }
+        },
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "accesstime": [
+                "periodic daily 0800-1400",
+                "absolute 201012161032 ~ 201012161033"
+            ],
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "memberhost_host": [
+                "dev.example.com"
+            ],
+            "memberhost_hostgroup": [
+                "production"
+            ],
+            "memberservice_hbacsvc": [
+                "ftp",
+                "sshd"
+            ],
+            "memberservice_hbacsvcgroup": [
+                "sudo"
+            ],
+            "memberuser_group": [
+                "admins",
+                "editors"
+            ],
+            "memberuser_user": [
+                "admin",
+                "test"
+            ],
+            "sourcehost_host": [
+                "dev.example.com"
+            ],
+            "sourcehost_hostgroup": [
+                "staging"
+            ]
+        }
+    }
+}
diff --git a/install/static/test/data/hbacrule_add_sourcehost.json b/install/static/test/data/hbacrule_add_sourcehost.json
new file mode 100644
index 000000000..a657207f5
--- /dev/null
+++ b/install/static/test/data/hbacrule_add_sourcehost.json
@@ -0,0 +1,56 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "completed": 2,
+        "failed": {
+            "sourcehost": {
+                "host": [],
+                "hostgroup": []
+            }
+        },
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "accesstime": [
+                "periodic daily 0800-1400",
+                "absolute 201012161032 ~ 201012161033"
+            ],
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "memberhost_host": [
+                "dev.example.com"
+            ],
+            "memberhost_hostgroup": [
+                "production"
+            ],
+            "memberservice_hbacsvc": [
+                "ftp",
+                "sshd"
+            ],
+            "memberservice_hbacsvcgroup": [
+                "sudo"
+            ],
+            "memberuser_group": [
+                "admins",
+                "editors"
+            ],
+            "memberuser_user": [
+                "admin",
+                "test"
+            ],
+            "sourcehost_host": [
+                "dev.example.com"
+            ],
+            "sourcehost_hostgroup": [
+                "staging"
+            ]
+        }
+    }
+}
diff --git a/install/static/test/data/hbacrule_add_user.json b/install/static/test/data/hbacrule_add_user.json
new file mode 100644
index 000000000..0c4c976e4
--- /dev/null
+++ b/install/static/test/data/hbacrule_add_user.json
@@ -0,0 +1,56 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "completed": 3,
+        "failed": {
+            "memberuser": {
+                "group": [],
+                "user": []
+            }
+        },
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "accesstime": [
+                "periodic daily 0800-1400",
+                "absolute 201012161032 ~ 201012161033"
+            ],
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "memberhost_host": [
+                "dev.example.com"
+            ],
+            "memberhost_hostgroup": [
+                "production"
+            ],
+            "memberservice_hbacsvc": [
+                "ftp",
+                "sshd"
+            ],
+            "memberservice_hbacsvcgroup": [
+                "sudo"
+            ],
+            "memberuser_group": [
+                "admins",
+                "editors"
+            ],
+            "memberuser_user": [
+                "admin",
+                "test"
+            ],
+            "sourcehost_host": [
+                "dev.example.com"
+            ],
+            "sourcehost_hostgroup": [
+                "staging"
+            ]
+        }
+    }
+}
diff --git a/install/static/test/data/hbacrule_del.json b/install/static/test/data/hbacrule_del.json
new file mode 100644
index 000000000..2197a12c2
--- /dev/null
+++ b/install/static/test/data/hbacrule_del.json
@@ -0,0 +1,9 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "result": true,
+        "summary": null,
+        "value": "test"
+    }
+}
\ No newline at end of file
diff --git a/install/static/test/data/hbacrule_find.json b/install/static/test/data/hbacrule_find.json
new file mode 100644
index 000000000..fd95d9f57
--- /dev/null
+++ b/install/static/test/data/hbacrule_find.json
@@ -0,0 +1,54 @@
+{
+    "error": null, 
+    "id": 0,
+    "result": {
+        "count": 2,
+        "result": [
+            {
+                "accessruletype": [
+                    "allow"
+                ], 
+                "cn": [
+                    "allow_all"
+                ], 
+                "description": [
+                    "Allow all users to access any host from any host"
+                ], 
+                "dn": "ipauniqueid=b7567b5a-e39311df-bfde9b13-2b28c216,cn=hbac,dc=dev,dc=example,dc=com",
+                "hostcategory": [
+                    "all"
+                ], 
+                "ipaenabledflag": [
+                    "TRUE"
+                ], 
+                "servicecategory": [
+                    "all"
+                ], 
+                "sourcehostcategory": [
+                    "all"
+                ], 
+                "usercategory": [
+                    "all"
+                ]
+            },
+            {
+                "accessruletype": [
+                    "allow"
+                ],
+                "accesstime": [
+                    "periodic daily 0800-1400",
+                    "absolute 201012161032 ~ 201012161033"
+                ],
+                "cn": [
+                    "test"
+                ],
+                "dn": "ipauniqueid=3b6d2a82-e3b511df-bfde9b13-2b28c216,cn=hbac,dc=dev,dc=example,dc=com",
+                "ipaenabledflag": [
+                    "TRUE"
+                ]
+            }
+        ], 
+        "summary": null, 
+        "truncated": false
+    }
+}
diff --git a/install/static/test/data/hbacrule_mod.json b/install/static/test/data/hbacrule_mod.json
new file mode 100644
index 000000000..ea2b4d1e8
--- /dev/null
+++ b/install/static/test/data/hbacrule_mod.json
@@ -0,0 +1,60 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "attributelevelrights": {
+                "accessruletype": "rscwo",
+                "accesstime": "rscwo",
+                "aci": "rscwo",
+                "cn": "rscwo",
+                "description": "rscwo",
+                "externalhost": "rscwo",
+                "hostcategory": "rscwo",
+                "ipaenabledflag": "rscwo",
+                "ipauniqueid": "rsc",
+                "memberhost": "rscwo",
+                "memberservice": "rscwo",
+                "memberuser": "rscwo",
+                "nsaccountlock": "rscwo",
+                "servicecategory": "rscwo",
+                "sourcehost": "rscwo",
+                "sourcehostcategory": "rscwo",
+                "usercategory": "rscwo"
+            },
+            "cn": [
+                "test"
+            ],
+            "description": [
+                "Test HBAC rule."
+            ],
+            "hostcategory": [
+                "all"
+            ],
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "ipauniqueid": [
+                "4ed8b682-edf511df-b3f78f4b-11cc007b"
+            ],
+            "objectclass": [
+                "ipaassociation",
+                "ipahbacrule"
+            ],
+            "servicecategory": [
+                "all"
+            ],
+            "sourcehostcategory": [
+                "all"
+            ],
+            "usercategory": [
+                "all"
+            ]
+        },
+        "summary": null,
+        "value": "test"
+    }
+}
diff --git a/install/static/test/data/hbacrule_remove_accesstime.json b/install/static/test/data/hbacrule_remove_accesstime.json
new file mode 100644
index 000000000..3c631155b
--- /dev/null
+++ b/install/static/test/data/hbacrule_remove_accesstime.json
@@ -0,0 +1,7 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "result": true
+    }
+}
diff --git a/install/static/test/data/hbacrule_remove_host.json b/install/static/test/data/hbacrule_remove_host.json
new file mode 100644
index 000000000..02f56ecd6
--- /dev/null
+++ b/install/static/test/data/hbacrule_remove_host.json
@@ -0,0 +1,50 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "completed": 2,
+        "failed": {
+            "memberhost": {
+                "host": [],
+                "hostgroup": []
+            }
+        },
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "accesstime": [
+                "periodic daily 0800-1400",
+                "absolute 201012161032 ~ 201012161033"
+            ],
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "memberservice_hbacsvc": [
+                "ftp",
+                "sshd"
+            ],
+            "memberservice_hbacsvcgroup": [
+                "sudo"
+            ],
+            "memberuser_group": [
+                "admins",
+                "editors"
+            ],
+            "memberuser_user": [
+                "admin",
+                "test"
+            ],
+            "sourcehost_host": [
+                "dev.example.com"
+            ],
+            "sourcehost_hostgroup": [
+                "staging"
+            ]
+        }
+    }
+}
diff --git a/install/static/test/data/hbacrule_remove_service.json b/install/static/test/data/hbacrule_remove_service.json
new file mode 100644
index 000000000..f8b6b51a5
--- /dev/null
+++ b/install/static/test/data/hbacrule_remove_service.json
@@ -0,0 +1,49 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "completed": 3,
+        "failed": {
+            "memberservice": {
+                "hbacsvc": [],
+                "hbacsvcgroup": []
+            }
+        },
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "accesstime": [
+                "periodic daily 0800-1400",
+                "absolute 201012161032 ~ 201012161033"
+            ],
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "memberhost_host": [
+                "dev.example.com"
+            ],
+            "memberhost_hostgroup": [
+                "production"
+            ],
+            "memberuser_group": [
+                "admins",
+                "editors"
+            ],
+            "memberuser_user": [
+                "admin",
+                "test"
+            ],
+            "sourcehost_host": [
+                "dev.example.com"
+            ],
+            "sourcehost_hostgroup": [
+                "staging"
+            ]
+        }
+    }
+}
diff --git a/install/static/test/data/hbacrule_remove_sourcehost.json b/install/static/test/data/hbacrule_remove_sourcehost.json
new file mode 100644
index 000000000..da32f76e0
--- /dev/null
+++ b/install/static/test/data/hbacrule_remove_sourcehost.json
@@ -0,0 +1,50 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "completed": 2,
+        "failed": {
+            "sourcehost": {
+                "host": [],
+                "hostgroup": []
+            }
+        },
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "accesstime": [
+                "periodic daily 0800-1400",
+                "absolute 201012161032 ~ 201012161033"
+            ],
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "memberhost_host": [
+                "dev.example.com"
+            ],
+            "memberhost_hostgroup": [
+                "production"
+            ],
+            "memberservice_hbacsvc": [
+                "ftp",
+                "sshd"
+            ],
+            "memberservice_hbacsvcgroup": [
+                "sudo"
+            ],
+            "memberuser_group": [
+                "admins",
+                "editors"
+            ],
+            "memberuser_user": [
+                "admin",
+                "test"
+            ]
+        }
+    }
+}
diff --git a/install/static/test/data/hbacrule_remove_user.json b/install/static/test/data/hbacrule_remove_user.json
new file mode 100644
index 000000000..f25317e83
--- /dev/null
+++ b/install/static/test/data/hbacrule_remove_user.json
@@ -0,0 +1,48 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "completed": 3,
+        "failed": {
+            "memberuser": {
+                "group": [],
+                "user": []
+            }
+        },
+        "result": {
+            "accessruletype": [
+                "allow"
+            ],
+            "accesstime": [
+                "periodic daily 0800-1400",
+                "absolute 201012161032 ~ 201012161033"
+            ],
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=e8aca082-e64a11df-9864f2e0-e0578392,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "memberhost_host": [
+                "dev.example.com"
+            ],
+            "memberhost_hostgroup": [
+                "production"
+            ],
+            "memberservice_hbacsvc": [
+                "ftp",
+                "sshd"
+            ],
+            "memberservice_hbacsvcgroup": [
+                "sudo"
+            ],
+            "sourcehost_host": [
+                "dev.example.com"
+            ],
+            "sourcehost_hostgroup": [
+                "staging"
+            ]
+        }
+    }
+}
diff --git a/install/static/test/data/hbacrule_show.json b/install/static/test/data/hbacrule_show.json
new file mode 100644
index 000000000..2c0b64b39
--- /dev/null
+++ b/install/static/test/data/hbacrule_show.json
@@ -0,0 +1,76 @@
+{
+    "error": null,
+    "id": 0,
+    "result": {
+        "result": {
+            "accessruletype": [
+                "deny"
+            ],
+            "accesstime": [
+                "periodic daily 0800-1400",
+                "absolute 201012161032 ~ 201012161033"
+            ],
+            "attributelevelrights": {
+                "accessruletype": "rscwo",
+                "accesstime": "rscwo",
+                "aci": "rscwo",
+                "cn": "rscwo",
+                "description": "rscwo",
+                "externalhost": "rscwo",
+                "hostcategory": "rscwo",
+                "ipaenabledflag": "rscwo",
+                "ipauniqueid": "rsc",
+                "memberhost": "rscwo",
+                "memberservice": "rscwo",
+                "memberuser": "rscwo",
+                "nsaccountlock": "rscwo",
+                "servicecategory": "rscwo",
+                "sourcehost": "rscwo",
+                "sourcehostcategory": "rscwo",
+                "usercategory": "rscwo"
+            },
+            "cn": [
+                "test"
+            ],
+            "dn": "ipauniqueid=4ed8b682-edf511df-b3f78f4b-11cc007b,cn=hbac,dc=dev,dc=example,dc=com",
+            "ipaenabledflag": [
+                "TRUE"
+            ],
+            "ipauniqueid": [
+                "4ed8b682-edf511df-b3f78f4b-11cc007b"
+            ],
+            "memberhost_host": [
+                "dev.example.com"
+            ],
+            "memberhost_hostgroup": [
+                "production"
+            ],
+            "memberservice_hbacsvc": [
+                "ftp",
+                "sshd"
+            ],
+            "memberservice_hbacsvcgroup": [
+                "sudo"
+            ],
+            "memberuser_group": [
+                "editors"
+            ],
+            "memberuser_user": [
+                "admin",
+                "test"
+            ],
+            "objectclass": [
+                "ipaassociation",
+                "ipahbacrule"
+            ],
+            "sourcehost_host": [
+                "dev.example.com"
+            ],
+            "sourcehost_hostgroup": [
+                "staging"
+            ]
+        },
+        "summary": null,
+        "value": "test"
+    }
+}
diff --git a/install/static/test/data/ipa_init.json b/install/static/test/data/ipa_init.json
index e399d8081..3b3f2db7d 100644
--- a/install/static/test/data/ipa_init.json
+++ b/install/static/test/data/ipa_init.json
@@ -3132,7 +3132,7 @@
                         ],
                         "uuid_attribute": "ipauniqueid"
                     },
-                    "hbac": {
+                    "hbacrule": {
                         "aciattrs": [
                             "accessruletype",
                             "accesstime",
@@ -3169,7 +3169,7 @@
                             ]
                         },
                         "bindable": false,
-                        "container_dn": "cn=hbac",
+                        "container_dn": "cn=hbacrules",
                         "default_attributes": [
                             "cn",
                             "accessruletype",
@@ -3208,7 +3208,7 @@
                             "remove_user",
                             "show"
                         ],
-                        "name": "hbac",
+                        "name": "hbacrule",
                         "object_class": [
                             "ipaassociation",
                             "ipahbacrule"
@@ -7833,7 +7833,7 @@
                     "container_configs": "cn=configs,cn=policies",
                     "container_dns": "cn=dns",
                     "container_group": "cn=groups,cn=accounts",
-                    "container_hbac": "cn=hbac",
+                    "container_hbacrule": "cn=hbacrules",
                     "container_hbacservice": "cn=hbacservices,cn=accounts",
                     "container_hbacservicegroup": "cn=hbacservicegroups,cn=accounts",
                     "container_host": "cn=computers,cn=accounts",
diff --git a/install/static/webui.js b/install/static/webui.js
index f17db8bc9..964c8cf79 100644
--- a/install/static/webui.js
+++ b/install/static/webui.js
@@ -34,7 +34,7 @@ var admin_tab_set = [
     ]},
     {name:'policy', children:[
         {name:'dnszone', entity:'dnszone'},
-        {name:'hbac', entity:'hbac', children:[
+        {name:'hbacrule', entity:'hbacrule', children:[
             {name:'hbacsvc', entity:'hbacsvc'},
             {name:'hbacsvcgroup', entity:'hbacsvcgroup'}
         ]},
-- 
cgit