diff options
author | Stanislav Laznicka <slaznick@redhat.com> | 2016-05-27 13:27:03 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-05-29 14:13:12 +0200 |
commit | 1ce63e6193701679f539f7c83ddee9f65056b806 (patch) | |
tree | 0132f4ac9ecbf427e381100f9bfd01bb51632932 /ACI.txt | |
parent | 4bafba06f2b8cc51cd95a725e1c8adf7bbf9a5fc (diff) | |
download | freeipa-1ce63e6193701679f539f7c83ddee9f65056b806.tar.gz freeipa-1ce63e6193701679f539f7c83ddee9f65056b806.tar.xz freeipa-1ce63e6193701679f539f7c83ddee9f65056b806.zip |
Added some attributes to Modify Users permission
Added 'employeenumber', 'departmentnumber' and 'mail' to Modify Users
permission
https://fedorahosted.org/freeipa/ticket/5911#comment:2
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ACI.txt')
-rw-r--r-- | ACI.txt | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -313,7 +313,7 @@ aci: (targetattr = "usercertificate")(targetfilter = "(objectclass=posixaccount) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "ipasshpubkey")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Manage User SSH Public Keys";allow (write) groupdn = "ldap:///cn=System: Manage User SSH Public Keys,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example -aci: (targetattr = "businesscategory || carlicense || cn || description || displayname || employeetype || facsimiletelephonenumber || gecos || givenname || homephone || inetuserhttpurl || initials || l || labeleduri || loginshell || manager || mepmanagedentry || mobile || objectclass || ou || pager || postalcode || preferredlanguage || roomnumber || secretary || seealso || sn || st || street || telephonenumber || title || userclass")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Modify Users";allow (write) groupdn = "ldap:///cn=System: Modify Users,cn=permissions,cn=pbac,dc=ipa,dc=example";) +aci: (targetattr = "businesscategory || carlicense || cn || departmentnumber || description || displayname || employeenumber || employeetype || facsimiletelephonenumber || gecos || givenname || homephone || inetuserhttpurl || initials || l || labeleduri || loginshell || mail || manager || mepmanagedentry || mobile || objectclass || ou || pager || postalcode || preferredlanguage || roomnumber || secretary || seealso || sn || st || street || telephonenumber || title || userclass")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Modify Users";allow (write) groupdn = "ldap:///cn=System: Modify Users,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=ipa,dc=example aci: (targetattr = "*")(target = "ldap:///cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read UPG Definition";allow (compare,read,search) groupdn = "ldap:///cn=System: Read UPG Definition,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example |