diff options
| author | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-08-03 01:06:16 +0000 |
|---|---|---|
| committer | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-08-03 01:06:16 +0000 |
| commit | a5bcff2e148d2ac394f4b5e022720e75163d0e72 (patch) | |
| tree | 8177bd84a7459ad494f80204d0bf6c16ed842e2d /pki/base/kra/shared | |
| parent | 62f7104212b3f4a6d35e39e266b86c2b3b176085 (diff) | |
| download | pki-a5bcff2e148d2ac394f4b5e022720e75163d0e72.tar.gz pki-a5bcff2e148d2ac394f4b5e022720e75163d0e72.tar.xz pki-a5bcff2e148d2ac394f4b5e022720e75163d0e72.zip | |
Bug 608083 - CC: update ACL and AC calls for DRM
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1148 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/kra/shared')
| -rw-r--r-- | pki/base/kra/shared/conf/acl.ldif | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/pki/base/kra/shared/conf/acl.ldif b/pki/base/kra/shared/conf/acl.ldif index 5ff1c6598..861381330 100644 --- a/pki/base/kra/shared/conf/acl.ldif +++ b/pki/base/kra/shared/conf/acl.ldif @@ -26,8 +26,8 @@ resourceACLS: certServer.kra.systemstatus:read:allow (read) group="Data Recovery resourceACLS: certServer.kra.certificate.transport:read:allow (read) user="anybody":Anybody is allowed to read transport certificate resourceACLS: certServer.kra.request.status:read:allow (read) group="Data Recovery Manager Agents":Only data recovery manager agents retrieve the remote key recovery approval status resourceACLS: certServer.kra.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify groups -resourceACLS: certServer.kra.GenerateKeyPair:submit,read:allow (read,submit) group="Data Recovery Manager Agents":Only Data Recovery Manager Agents are allowed to submit requests -resourceACLS: certServer.kra.TokenKeyRecovery:submit,read:allow (read,submit) group="Data Recovery Manager Agents":Only Data Recovery Manager Agents are allowed to submit requests +resourceACLS: certServer.kra.GenerateKeyPair:execute:allow (execute) group="Data Recovery Manager Agents":Only Data Recovery Manager Agents are allowed to execute requests +resourceACLS: certServer.kra.TokenKeyRecovery:submit:allow (submit) group="Data Recovery Manager Agents":Only Data Recovery Manager Agents are allowed to submit requests resourceACLS: certServer.kra.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent -resourceACLS: certServer.kra.getTransportCert:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to retrieve the transport cert +resourceACLS: certServer.kra.getTransportCert:read:allow (read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to retrieve the transport cert resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration. |