diff options
author | Endi S. Dewata <edewata@redhat.com> | 2013-05-16 13:06:14 -0500 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2013-06-10 13:35:22 -0400 |
commit | 0812c8d7583250d9ccbfbc3439083d1d2296b2f5 (patch) | |
tree | ed22e7a39a37ee87a36257170b00da7db11eca54 /base/tps/shared/conf/acl.ldif | |
parent | e4656ce3f71f5cc0ba124ed5082a264e2689140b (diff) | |
download | pki-0812c8d7583250d9ccbfbc3439083d1d2296b2f5.tar.gz pki-0812c8d7583250d9ccbfbc3439083d1d2296b2f5.tar.xz pki-0812c8d7583250d9ccbfbc3439083d1d2296b2f5.zip |
Added Tomcat-based TPS instance.
The build and deployment tools have been modified to support creating
a basic Tomcat instance to run TPS. New configuration and template
files for TPS have been copied from another Tomcat subsystem. The TPS
functionality itself will be added in future patches.
Ticket #526
Diffstat (limited to 'base/tps/shared/conf/acl.ldif')
-rw-r--r-- | base/tps/shared/conf/acl.ldif | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/base/tps/shared/conf/acl.ldif b/base/tps/shared/conf/acl.ldif new file mode 100644 index 000000000..fb63122d1 --- /dev/null +++ b/base/tps/shared/conf/acl.ldif @@ -0,0 +1,22 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2006 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +dn: cn=aclResources,{rootSuffix} +objectClass: top +objectClass: CertACLS +cn: aclResources +resourceACLS: certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete +resourceACLS: certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify +resourceACLS: certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify +resourceACLS: certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter +#resourceACLS: certServer.log.configuration.signedAudit.expirationTime:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";deny (modify) user=anybody:Nobody is allowed to modify an expirationTime parameter +resourceACLS: certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log +resourceACLS: certServer.log.content.system:read:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents":Administrators, auditors, and agents are allowed to read the log content +resourceACLS: certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents":Administrators, auditors, and agents are allowed to read the log content +resourceACLS: certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify +resourceACLS: certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";allow (modify) group="Administrators":this acl is shared by all admin servlets +resourceACLS: certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate +resourceACLS: certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody":Anybody may submit an enrollment request +resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to clone the configuration. |