Enabled account service for TKS and OCSP.

The REST account service has been added to TKS and OCSP to enable
authentication.

Ticket #375

1 files changed, 3 insertions, 0 deletions

diff --git a/base/tks/shared/conf/acl.ldif b/base/tks/shared/conf/acl.ldif
index b38b5963f..bed8ba7cb 100644
--- a/base/tks/shared/conf/acl.ldif
+++ b/base/tks/shared/conf/acl.ldif
@@ -28,3 +28,6 @@ resourceACLS: certServer.tks.randomdata:execute:allow (execute) group="Token Key
 resourceACLS: certServer.tks.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent
 resourceACLS: certServer.tks.importTransportCert:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to import transport certificate
 resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.
+resourceACLS: certServer.tks.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout
+resourceACLS: certServer.tks.groups:execute:allow (execute) group="Administrators":Admins may execute group operations
+resourceACLS: certServer.tks.users:execute:allow (execute) group="Administrators":Admins may execute user operations