diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2013-08-13 15:56:50 -0400 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2013-08-15 12:26:12 -0400 |
| commit | 17d6be4d85741bffa21d93aceaff00223bc77dec (patch) | |
| tree | 7703eba9059076e47c7262120150292270c54d15 /base/tps-tomcat/shared/conf/acl.ldif | |
| parent | 4ab7fdc3c08a6279d838ae795889924e9fc306cb (diff) | |
| download | pki-17d6be4d85741bffa21d93aceaff00223bc77dec.tar.gz pki-17d6be4d85741bffa21d93aceaff00223bc77dec.tar.xz pki-17d6be4d85741bffa21d93aceaff00223bc77dec.zip | |
Moved Tomcat-based TPS to separate folder.
The source files for the new Tomcat-based TPS has been moved from base/tps
to base/tps-tomcat. The new TPS will now be build in pki-core and packaged
in pki-tps-tomcat RPM. The old TPS and RA have been restored to the previous
state before adding the new TPS. Once the new TPS is complete, the old TPS
can be removed, the new TPS can be moved back to base/tps and the package
can be renamed back to pki-tps.
Ticket #702
Diffstat (limited to 'base/tps-tomcat/shared/conf/acl.ldif')
| -rw-r--r-- | base/tps-tomcat/shared/conf/acl.ldif | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/base/tps-tomcat/shared/conf/acl.ldif b/base/tps-tomcat/shared/conf/acl.ldif new file mode 100644 index 000000000..fb63122d1 --- /dev/null +++ b/base/tps-tomcat/shared/conf/acl.ldif @@ -0,0 +1,22 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2006 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +dn: cn=aclResources,{rootSuffix} +objectClass: top +objectClass: CertACLS +cn: aclResources +resourceACLS: certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete +resourceACLS: certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify +resourceACLS: certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify +resourceACLS: certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter +#resourceACLS: certServer.log.configuration.signedAudit.expirationTime:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";deny (modify) user=anybody:Nobody is allowed to modify an expirationTime parameter +resourceACLS: certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log +resourceACLS: certServer.log.content.system:read:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents":Administrators, auditors, and agents are allowed to read the log content +resourceACLS: certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents":Administrators, auditors, and agents are allowed to read the log content +resourceACLS: certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify +resourceACLS: certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";allow (modify) group="Administrators":this acl is shared by all admin servlets +resourceACLS: certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate +resourceACLS: certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody":Anybody may submit an enrollment request +resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to clone the configuration. |