diff options
| author | Abhishek Koneru <akoneru@redhat.com> | 2012-11-11 23:05:01 -0500 |
|---|---|---|
| committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-12 10:12:20 -0500 |
| commit | f400f3bc35f83a60fb386b734dec9fc66309bd71 (patch) | |
| tree | 90a5a6e2ff49142b43b04e6981eabd7ff0e82e90 /base | |
| parent | c8336ea65f2fbcdded5731943c80093797b05f45 (diff) | |
| download | pki-f400f3bc35f83a60fb386b734dec9fc66309bd71.tar.gz pki-f400f3bc35f83a60fb386b734dec9fc66309bd71.tar.xz pki-f400f3bc35f83a60fb386b734dec9fc66309bd71.zip | |
Invalid ACL resources Fix in KRA for certServer.kra.keys resource
Ticket 404
Diffstat (limited to 'base')
| -rw-r--r-- | base/kra/shared/conf/acl.ldif | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/base/kra/shared/conf/acl.ldif b/base/kra/shared/conf/acl.ldif index c3eae7596..89db3c1c9 100644 --- a/base/kra/shared/conf/acl.ldif +++ b/base/kra/shared/conf/acl.ldif @@ -16,7 +16,7 @@ resourceACLS: certServer.job.configuration:read,modify:allow (read) group="Admin resourceACLS: certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Data Recovery Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify resourceACLS: certServer.kra.key:read,recover,download:allow (read,recover,download) group="Data Recovery Manager Agents":Only data recovery manager agents retrieve key information resourceACLS: certServer.kra.request:read:allow (read) group="Data Recovery Manager Agents":Data Recovery Manager Agents may read request -resourceACLS: certServer.kra.keys:list:allow (list) group="Data Recovery Manager Agents":Only data recovery manager agents list keys +resourceACLS: certServer.kra.keys:list,execute:allow (list,execute) group="Data Recovery Manager Agents":Only data recovery manager agents list keys and execute key operations resourceACLS: certServer.kra.requests:list:allow (list) group="Data Recovery Manager Agents":Only data recovery manager agents list key archival requests resourceACLS: certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate resourceACLS: certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody":Anybody may submit an enrollment request @@ -32,6 +32,5 @@ resourceACLS: certServer.kra.getTransportCert:read:allow (read) group="Enterpris resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration. resourceACLS: certServer.kra.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout resourceACLS: certServer.kra.groups:execute:allow (execute) group="Administrators":Admins may execute group operations -resourceACLS: certServer.kra.keys:execute:allow (execute) group="Data Recovery Manager Agents":Agents may execute key operations resourceACLS: certServer.kra.keyrequests:execute:allow (execute) group="Data Recovery Manager Agents":Agents may execute key request operations resourceACLS: certServer.kra.users:execute:allow (execute) group="Administrators":Admins may execute user operations |