diff options
| author | Endi Sukma Dewata <edewata@redhat.com> | 2012-10-08 14:50:26 -0500 |
|---|---|---|
| committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-10-22 17:12:20 -0500 |
| commit | 1723a2ecd9d4d741ecd6d292712eeaea9d19bde9 (patch) | |
| tree | f9812748c4d5c8895a8da7be352983eb792ed000 /base/kra/shared/conf | |
| parent | 1c45197227a0d54b525d4b40f66aa96aeb4f2e6a (diff) | |
| download | pki-1723a2ecd9d4d741ecd6d292712eeaea9d19bde9.tar.gz pki-1723a2ecd9d4d741ecd6d292712eeaea9d19bde9.tar.xz pki-1723a2ecd9d4d741ecd6d292712eeaea9d19bde9.zip | |
Added REST account service.
A REST account service has been added to allow client to login
to establish a session and to logout to destroy the session. This
way multiple operations can be executed using the same session
without having to re-authenticate.
Ticket #357
Diffstat (limited to 'base/kra/shared/conf')
| -rw-r--r-- | base/kra/shared/conf/acl.ldif | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/base/kra/shared/conf/acl.ldif b/base/kra/shared/conf/acl.ldif index ea70ffd21..c3eae7596 100644 --- a/base/kra/shared/conf/acl.ldif +++ b/base/kra/shared/conf/acl.ldif @@ -30,6 +30,7 @@ resourceACLS: certServer.kra.TokenKeyRecovery:submit:allow (submit) group="Data resourceACLS: certServer.kra.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent resourceACLS: certServer.kra.getTransportCert:read:allow (read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to retrieve the transport cert resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration. +resourceACLS: certServer.kra.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout resourceACLS: certServer.kra.groups:execute:allow (execute) group="Administrators":Admins may execute group operations resourceACLS: certServer.kra.keys:execute:allow (execute) group="Data Recovery Manager Agents":Agents may execute key operations resourceACLS: certServer.kra.keyrequests:execute:allow (execute) group="Data Recovery Manager Agents":Agents may execute key request operations |