diff options
author | Thierry Bordaz <tbordaz@redhat.com> | 2015-04-23 18:43:48 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2015-05-18 09:37:21 +0200 |
commit | 273fd057a3be797a05d6c7f34fd619d3dfa09c37 (patch) | |
tree | e731f1e78d472348cdbfdac7c341503c0ba96ed2 /ACI.txt | |
parent | 51937cc571ec8ea5e782b8dcd45f0ec5fe0f310b (diff) | |
download | freeipa-273fd057a3be797a05d6c7f34fd619d3dfa09c37.tar.gz freeipa-273fd057a3be797a05d6c7f34fd619d3dfa09c37.tar.xz freeipa-273fd057a3be797a05d6c7f34fd619d3dfa09c37.zip |
User life cycle: Add 'Stage User Provisioning' permission/priviledge
Add the ability for 'Stage user provisioning' priviledge to add
stage users.
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ACI.txt')
-rw-r--r-- | ACI.txt | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -213,7 +213,9 @@ aci: (targetattr = "createtimestamp || entryusn || ipakrbauthzdata || ipakrbprin dn: cn=services,cn=accounts,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Remove Services";allow (delete) groupdn = "ldap:///cn=System: Remove Services,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example -aci: (targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Add delete modify Stage Users by administrators";allow (add,delete,write) groupdn = "ldap:///cn=System: Add delete modify Stage Users by administrators,cn=permissions,cn=pbac,dc=ipa,dc=example";) +aci: (targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Add Stage Users by Provisioning and Administrators";allow (add) groupdn = "ldap:///cn=System: Add Stage Users by Provisioning and Administrators,cn=permissions,cn=pbac,dc=ipa,dc=example";) +dn: cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example +aci: (targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Delete modify Stage Users by administrators";allow (delete,write) groupdn = "ldap:///cn=System: Delete modify Stage Users by administrators,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (target_to = "ldap:///cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(target_from = "ldap:///cn=users,cn=accounts,dc=ipa,dc=example")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Preserve an active user to a delete Users";allow (moddn) groupdn = "ldap:///cn=System: Preserve an active user to a delete Users,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example |