diff options
| author | Matthew Harmsen <mharmsen@redhat.com> | 2013-10-15 17:55:05 -0700 |
|---|---|---|
| committer | Matthew Harmsen <mharmsen@redhat.com> | 2013-10-15 17:59:23 -0700 |
| commit | 47c77a67d67cb443070137fd9b8d64955d499089 (patch) | |
| tree | 12b7588f34a80a74c000e77b19017ec941ad5231 /base/ocsp/shared/conf/acl.ldif | |
| parent | 618be8bd7e9488a325789232c94aad109f9b6803 (diff) | |
| download | pki-47c77a67d67cb443070137fd9b8d64955d499089.tar.gz pki-47c77a67d67cb443070137fd9b8d64955d499089.tar.xz pki-47c77a67d67cb443070137fd9b8d64955d499089.zip | |
Stand-alone DRM
* TRAC Ticket #667 - provide option for ca-less drm install
Diffstat (limited to 'base/ocsp/shared/conf/acl.ldif')
| -rw-r--r-- | base/ocsp/shared/conf/acl.ldif | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/base/ocsp/shared/conf/acl.ldif b/base/ocsp/shared/conf/acl.ldif index b1dbc4c5b..14221f8bb 100644 --- a/base/ocsp/shared/conf/acl.ldif +++ b/base/ocsp/shared/conf/acl.ldif @@ -10,6 +10,7 @@ cn: aclResources resourceACLS: certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Online Certificate Status Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete resourceACLS: certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Online Certificate Status Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify resourceACLS: certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Online Certificate Status Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify +resourceACLS: certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise OCSP Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml resourceACLS: certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Online Certificate Status Manager Agents";deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter #resourceACLS: certServer.log.configuration.signedAudit.expirationTime:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Online Certificate Status Manager Agents";deny (modify) user=anybody:Nobody is allowed to modify an expirationTime parameter resourceACLS: certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log |