From a185d45d87539559876f7b0b4f75b904339a5b90 Mon Sep 17 00:00:00 2001
From: Petr Viktorin
Date: Wed, 26 Mar 2014 17:11:23 +0100
Subject: Add managed read permissions to RBAC objects Add default read permissions to roles, privileges and permissions. Also add permission to read ACIs. This is required for legacy permissions. Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
---
install/updates/40-delegation.update | 9 +++++++++
1 file changed, 9 insertions(+) (limited to 'install/updates/40-delegation.update')
diff --git a/install/updates/40-delegation.update b/install/updates/40-delegation.update
index 3fabdf9c7..e90819a51 100644
--- a/install/updates/40-delegation.update
+++ b/install/updates/40-delegation.update
@@ -392,3 +392,12 @@ default:ipapermissiontype: SYSTEM dn: cn=config add:aci: '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,$SUFFIX";)'
+
+
+# Read privileges
+dn: cn=RBAC Readers,cn=privileges,cn=pbac,$SUFFIX
+default:objectClass: nestedgroup
+default:objectClass: groupofnames
+default:objectClass: top
+default:cn: RBAC Readers
+default:description: Read roles, privileges, permissions and ACIs
-- cgit
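Review bot: The new `cn=RBAC Readers` entry is documented only by `# Read privileges`, which does not say which permissions are granted through it; the page is limited to this one file, so the managed read permissions named in the commit message are presumably defined elsewhere. A comment such as `# Privilege grouping the managed read permissions on roles, privileges, permissions and ACIs; the permissions themselves are defined outside this file` would make that link explicit. Because the description includes reading ACIs, which reveal the directory's access-control policy, the comment should also state which roles are expected to hold this privilege so that membership stays narrow. Every attribute here uses `default:`, so an entry that already exists under this DN is presumably left as it is on upgrade; confirm that this is the intended behaviour.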