{ "error": null, "id": 0, "result": { "count": 47, "result": [ { "cn": [ "addusers" ], "description": [ "Add Users" ], "dn": "cn=addusers,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "useradmin" ], "permissions": [ "add" ], "type": "user" }, { "attrs": [ "userPassword", "krbPrincipalKey", "sambaLMPassword", "sambaNTPassword", "passwordHistory" ], "cn": [ "change_password" ], "description": [ "Change a user password" ], "dn": "cn=change_password,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "useradmin" ], "permissions": [ "write" ] }, { "attrs": [ "member" ], "cn": [ "add_user_to_default_group" ], "description": [ "Add user to default group" ], "dn": "cn=add_user_to_default_group,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "useradmin" ], "permissions": [ "write" ], "targetgroup": "ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "cn": [ "removeusers" ], "description": [ "Remove Users" ], "dn": "cn=removeusers,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "useradmin" ], "permissions": [ "delete" ], "type": "user" }, { "attrs": [ "givenName", "sn", "cn", "displayName", "title", "initials", "loginShell", "gecos", "homePhone", "mobile", "pager", "facsimileTelephoneNumber", "telephoneNumber", "street", "roomNumber", "l", "st", "postalCode", "manager", "secretary", "description", "carLicense", "labeledURI", "inetUserHTTPURL", "seeAlso", "employeeType", "businessCategory", "ou", "mepManagedEntry", "objectclass" ], "cn": [ "modifyusers" ], "description": [ "Modify Users" ], "dn": "cn=modifyusers,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "useradmin" ], "permissions": [ "write" ], "type": "user" }, { "cn": [ "addgroups" ], "description": [ "Add Groups" ], "dn": "cn=addgroups,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "groupadmin" ], "permissions": [ "add" ], "type": "group" }, { "cn": [ "removegroups" ], "description": [ "Remove Groups" ], "dn": "cn=removegroups,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "groupadmin" ], "permissions": [ "delete" ], "type": "group" }, { "attrs": [ "cn", "description", "gidnumber", "objectclass", "mepManagedBy", "ipaUniqueId" ], "cn": [ "modifygroups" ], "description": [ "Modify Groups" ], "dn": "cn=modifygroups,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "groupadmin" ], "permissions": [ "write" ], "type": "group" }, { "attrs": [ "member" ], "cn": [ "modifygroupmembership" ], "description": [ "Modify Group membership" ], "dn": "cn=modifygroupmembership,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "groupadmin" ], "permissions": [ "write" ], "type": "group" }, { "cn": [ "addhosts" ], "description": [ "Add Hosts" ], "dn": "cn=addhosts,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "hostadmin" ], "permissions": [ "add" ], "type": "host" }, { "cn": [ "removehosts" ], "description": [ "Remove Hosts" ], "dn": "cn=removehosts,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "hostadmin" ], "permissions": [ "delete" ], "type": "host" }, { "attrs": [ "description", "l", "nshostlocation", "nshardwareplatform", "nsosversion" ], "cn": [ "modifyhosts" ], "description": [ "Modify Hosts" ], "dn": "cn=modifyhosts,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "hostadmin" ], "permissions": [ "write" ], "type": "host" }, { "cn": [ "addhostgroups" ], "description": [ "Add Hostgroups" ], "dn": "cn=addhostgroups,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "hostgroupadmin" ], "permissions": [ "add" ], "type": "hostgroup" }, { "cn": [ "removehostgroups" ], "description": [ "Remove Hostgroups" ], "dn": "cn=removehostgroups,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "hostgroupadmin" ], "permissions": [ "delete" ], "type": "hostgroup" }, { "attrs": [ "cn", "description" ], "cn": [ "modifyhostgroups" ], "description": [ "Modify Hostgroups" ], "dn": "cn=modifyhostgroups,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "hostgroupadmin" ], "permissions": [ "write" ], "type": "hostgroup" }, { "attrs": [ "member" ], "cn": [ "modifyhostgroupmembership" ], "description": [ "Modify Hostgroup membership" ], "dn": "cn=modifyhostgroupmembership,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "hostgroupadmin" ], "permissions": [ "write" ], "type": "hostgroup" }, { "cn": [ "addservices" ], "description": [ "Add Services" ], "dn": "cn=addservices,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "serviceadmin" ], "permissions": [ "add" ], "type": "service" }, { "cn": [ "removeservices" ], "description": [ "Remove Services" ], "dn": "cn=removeservices,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "serviceadmin" ], "permissions": [ "delete" ], "type": "service" }, { "attrs": [ "userCertificate" ], "cn": [ "modifyservices" ], "description": [ "Modify Services" ], "dn": "cn=modifyservices,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "serviceadmin" ], "permissions": [ "write" ], "type": "service" }, { "cn": [ "addroles" ], "description": [ "Add Roles" ], "dn": "cn=addroles,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "delegationadmin" ], "permissions": [ "add" ], "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "cn": [ "removeroles" ], "description": [ "Remove Roles" ], "dn": "cn=removeroles,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "delegationadmin" ], "permissions": [ "delete" ], "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "attrs": [ "cn", "description" ], "cn": [ "modifyroles" ], "description": [ "Modify Roles" ], "dn": "cn=modifyroles,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "delegationadmin" ], "permissions": [ "write" ], "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "attrs": [ "member" ], "cn": [ "modifyrolemembership" ], "description": [ "Modify Role Group membership" ], "dn": "cn=modifyrolemembership,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "delegationadmin" ], "permissions": [ "write" ], "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "attrs": [ "member" ], "cn": [ "modifyprivilegemembership" ], "description": [ "Modify privilege membership" ], "dn": "cn=modifyprivilegemembership,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "delegationadmin" ], "permissions": [ "write" ], "subtree": "ldap:///cn=*,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "cn": [ "addautomountmaps" ], "description": [ "Add Automount maps" ], "dn": "cn=addautomountmaps,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "automountadmin" ], "permissions": [ "add" ], "subtree": "ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "cn": [ "removeautomountmaps" ], "description": [ "Remove Automount maps" ], "dn": "cn=removeautomountmaps,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "automountadmin" ], "permissions": [ "delete" ], "subtree": "ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "cn": [ "addautomountkeys" ], "description": [ "Add Automount keys" ], "dn": "cn=addautomountkeys,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "automountadmin" ], "permissions": [ "add" ], "subtree": "ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "cn": [ "removeautomountkeys" ], "description": [ "Remove Automount keys" ], "dn": "cn=removeautomountkeys,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "automountadmin" ], "permissions": [ "delete" ], "subtree": "ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "cn": [ "addnetgroups" ], "description": [ "Add netgroups" ], "dn": "cn=addnetgroups,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "netgroupadmin" ], "permissions": [ "add" ], "type": "netgroup" }, { "cn": [ "removenetgroups" ], "description": [ "Remove netgroups" ], "dn": "cn=removenetgroups,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "netgroupadmin" ], "permissions": [ "delete" ], "type": "netgroup" }, { "attrs": [ "description" ], "cn": [ "modifynetgroups" ], "description": [ "Modify netgroups" ], "dn": "cn=modifynetgroups,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "netgroupadmin" ], "permissions": [ "write" ], "type": "netgroup" }, { "attrs": [ "memberhost", "externalhost", "memberuser", "member" ], "cn": [ "modifynetgroupmembership" ], "description": [ "Modify netgroup membership" ], "dn": "cn=modifynetgroupmembership,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "netgroupadmin" ], "permissions": [ "write" ], "type": "netgroup" }, { "attrs": [ "krbPrincipalKey", "krbLastPwdChange" ], "cn": [ "manage_host_keytab" ], "description": [ "Manage host keytab" ], "dn": "cn=manage_host_keytab,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "hostadmin", "enrollhost" ], "permissions": [ "write" ], "type": "host" }, { "attrs": [ "krbPrincipalKey", "krbLastPwdChange" ], "cn": [ "manage_service_keytab" ], "description": [ "Manage service keytab" ], "dn": "cn=manage_service_keytab,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "serviceadmin", "admins" ], "permissions": [ "write" ], "type": "service" }, { "attrs": [ "enrolledBy", "objectClass" ], "cn": [ "enroll_host" ], "description": [ "Enroll a host" ], "dn": "cn=enroll_host,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "hostadmin", "enrollhost" ], "permissions": [ "write" ], "type": "host" }, { "cn": [ "managereplica" ], "description": [ "Manage Replication Agreements" ], "dn": "cn=managereplica,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "replicaadmin" ], "memberindirect": [ "uid=admin,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" ] }, { "cn": [ "deletereplica" ], "description": [ "Delete Replication Agreements" ], "dn": "cn=deletereplica,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "replicaadmin" ], "memberindirect": [ "uid=admin,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" ] }, { "cn": [ "addentitlements" ], "description": [ "Add Entitlements" ], "dn": "cn=addentitlements,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "entitlementadmin" ], "permissions": [ "add" ], "subtree": "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "cn": [ "removeentitlements" ], "description": [ "Remove Entitlements" ], "dn": "cn=removeentitlements,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "entitlementadmin" ], "permissions": [ "delete" ], "subtree": "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "attrs": [ "userCertificate" ], "cn": [ "modifyentitlements" ], "description": [ "Modify Entitlements" ], "dn": "cn=modifyentitlements,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "entitlementadmin" ], "permissions": [ "write" ], "subtree": "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "attrs": [ "objectClass" ], "cn": [ "retrieve_certs" ], "description": [ "Retrieve Certificates from the CA" ], "dn": "cn=retrieve_certs,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "certadmin" ], "permissions": [ "write" ], "subtree": "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "attrs": [ "objectClass" ], "cn": [ "request_certs" ], "description": [ "Request Certificates from the CA" ], "dn": "cn=request_certs,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "certadmin" ], "permissions": [ "write" ], "subtree": "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "attrs": [ "objectClass" ], "cn": [ "request_cert_different_host" ], "description": [ "Request Certificates from a different host" ], "dn": "cn=request_cert_different_host,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "certadmin" ], "permissions": [ "write" ], "subtree": "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "attrs": [ "objectClass" ], "cn": [ "certificate_status" ], "description": [ "Get Certificates status from the CA" ], "dn": "cn=certificate_status,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "certadmin" ], "permissions": [ "write" ], "subtree": "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "attrs": [ "objectClass" ], "cn": [ "revoke_certificate" ], "description": [ "Revoke Certificate" ], "dn": "cn=revoke_certificate,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "certadmin" ], "permissions": [ "write" ], "subtree": "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "attrs": [ "objectClass" ], "cn": [ "certificate_remove_hold" ], "description": [ "Certificate Remove Hold" ], "dn": "cn=certificate_remove_hold,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "certadmin" ], "permissions": [ "write" ], "subtree": "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" }, { "cn": [ "update_dns" ], "description": [ "DNS Servers Updates" ], "dn": "cn=update_dns,cn=permissions,cn=pbac,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "member_privilege": [ "dnsadmin", "dnsserver" ], "memberindirect": [ "krbprincipalname=dns/ipa.ayoung.boston.devel.redhat.com@ayoung.boston.devel.redhat.com,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" ] } ], "summary": "47 permissions matched", "truncated": false } }