diff options
Diffstat (limited to 'pki/base/kra/shared/conf/acl.ldif')
-rw-r--r-- | pki/base/kra/shared/conf/acl.ldif | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pki/base/kra/shared/conf/acl.ldif b/pki/base/kra/shared/conf/acl.ldif index 0852882b6..7fe0a2783 100644 --- a/pki/base/kra/shared/conf/acl.ldif +++ b/pki/base/kra/shared/conf/acl.ldif @@ -7,7 +7,7 @@ resourceACLS: certServer.general.configuration:read,modify,delete:allow (read) g resourceACLS: certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Data Recovery Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify resourceACLS: certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Data Recovery Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify resourceACLS: certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Data Recovery Manager Agents";deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter -resourceACLS: certServer.log.configuration.signedAudit.expirationTime:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Data Recovery Manager Agents";deny (modify) user=anybody:Nobody is allowed to modify an expirationTime parameter +#resourceACLS: certServer.log.configuration.signedAudit.expirationTime:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Data Recovery Manager Agents";deny (modify) user=anybody:Nobody is allowed to modify an expirationTime parameter resourceACLS: certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log resourceACLS: certServer.log.content.system:read:allow (read) group="Administrators" || group="Data Recovery Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content resourceACLS: certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Data Recovery Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content |