From 621d9e5c413e561293d7484b93882d985b3fe15f Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Sat, 24 Mar 2012 02:27:47 -0500 Subject: Removed unnecessary pki folder. Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131 --- base/ocsp/shared/conf/acl.ldif | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 base/ocsp/shared/conf/acl.ldif (limited to 'base/ocsp/shared/conf/acl.ldif') diff --git a/base/ocsp/shared/conf/acl.ldif b/base/ocsp/shared/conf/acl.ldif new file mode 100644 index 000000000..94a102b48 --- /dev/null +++ b/base/ocsp/shared/conf/acl.ldif @@ -0,0 +1,29 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2006 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +dn: cn=aclResources,{rootSuffix} +objectClass: top +objectClass: CertACLS +cn: aclResources +resourceACLS: certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Online Certificate Status Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete +resourceACLS: certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Online Certificate Status Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify +resourceACLS: certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Online Certificate Status Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify +resourceACLS: certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Online Certificate Status Manager Agents";deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter +#resourceACLS: certServer.log.configuration.signedAudit.expirationTime:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Online Certificate Status Manager Agents";deny (modify) user=anybody:Nobody is allowed to modify an expirationTime parameter +resourceACLS: certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log +resourceACLS: certServer.log.content.system:read:allow (read) group="Administrators" || group="Online Certificate Status Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content +resourceACLS: certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Online Certificate Status Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content +resourceACLS: certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Online Certificate Status Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify +resourceACLS: certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Online Certificate Status Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify +resourceACLS: certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Online Certificate Status Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets +resourceACLS: certServer.ocsp.info:read:allow (read) group="Online Certificate Status Manager Agents":Online Certificate Status Manager agents may read ocsp information +resourceACLS: certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests +resourceACLS: certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL +resourceACLS: certServer.ocsp.crl:add:allow (add) group="Online Certificate Status Manager Agents" || group="Trusted Managers":Online Certificate Status Manager agents and Trusted Managers may add CRL +resourceACLS: certServer.ocsp.ca:add:allow (add) group="Online Certificate Status Manager Agents":Online Certificate Status Manager agents may add Certificate Authority +resourceACLS: certServer.ocsp.cas:list:allow (list) group="Online Certificate Status Manager Agents":Online Certificate Status Manager agents may list Certificate Authorities +resourceACLS: certServer.ocsp.certificate:validate:allow (validate) group="Online Certificate Status Manager Agents":Online Certificate Status Manager agents may validate certificate status +resourceACLS: certServer.ocsp.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify groups +resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration. -- cgit