diff options
Diffstat (limited to 'pki/base/ocsp/shared/conf/acl.ldif')
-rw-r--r-- | pki/base/ocsp/shared/conf/acl.ldif | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/pki/base/ocsp/shared/conf/acl.ldif b/pki/base/ocsp/shared/conf/acl.ldif deleted file mode 100644 index 94a102b48..000000000 --- a/pki/base/ocsp/shared/conf/acl.ldif +++ /dev/null @@ -1,29 +0,0 @@ -# --- BEGIN COPYRIGHT BLOCK --- -# Copyright (C) 2006 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -dn: cn=aclResources,{rootSuffix} -objectClass: top -objectClass: CertACLS -cn: aclResources -resourceACLS: certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Online Certificate Status Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete -resourceACLS: certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Online Certificate Status Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify -resourceACLS: certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Online Certificate Status Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify -resourceACLS: certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Online Certificate Status Manager Agents";deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter -#resourceACLS: certServer.log.configuration.signedAudit.expirationTime:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Online Certificate Status Manager Agents";deny (modify) user=anybody:Nobody is allowed to modify an expirationTime parameter -resourceACLS: certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log -resourceACLS: certServer.log.content.system:read:allow (read) group="Administrators" || group="Online Certificate Status Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content -resourceACLS: certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Online Certificate Status Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content -resourceACLS: certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Online Certificate Status Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify -resourceACLS: certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Online Certificate Status Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify -resourceACLS: certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Online Certificate Status Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets -resourceACLS: certServer.ocsp.info:read:allow (read) group="Online Certificate Status Manager Agents":Online Certificate Status Manager agents may read ocsp information -resourceACLS: certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests -resourceACLS: certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL -resourceACLS: certServer.ocsp.crl:add:allow (add) group="Online Certificate Status Manager Agents" || group="Trusted Managers":Online Certificate Status Manager agents and Trusted Managers may add CRL -resourceACLS: certServer.ocsp.ca:add:allow (add) group="Online Certificate Status Manager Agents":Online Certificate Status Manager agents may add Certificate Authority -resourceACLS: certServer.ocsp.cas:list:allow (list) group="Online Certificate Status Manager Agents":Online Certificate Status Manager agents may list Certificate Authorities -resourceACLS: certServer.ocsp.certificate:validate:allow (validate) group="Online Certificate Status Manager Agents":Online Certificate Status Manager agents may validate certificate status -resourceACLS: certServer.ocsp.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify groups -resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration. |