Diffstat (limited to 'ipalib/plugins/automember.py')
-rw-r--r-- | ipalib/plugins/automember.py | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/ipalib/plugins/automember.py b/ipalib/plugins/automember.py
index 4b3f6f06f..dad35d458 100644
--- a/ipalib/plugins/automember.py
+++ b/ipalib/plugins/automember.py
@@ -183,10 +183,39 @@ class automember(LDAPObject):
 object_name = 'Automember rule'
 object_name_plural = 'Automember rules'
 object_class = ['top', 'automemberregexrule']
+ permission_filter_objectclasses = ['automemberregexrule']
 default_attributes = [ 'automemberinclusiveregex', 'automemberexclusiveregex', 'cn', 'automembertargetgroup', 'description', 'automemberdefaultgroup' ]
+ managed_permissions = {
+ 'System: Read Automember Definitions': {
+ 'non_object': True,
+ 'ipapermlocation': DN(container_dn, api.env.basedn),
+ 'ipapermtargetfilter': {'(objectclass=automemberdefinition)'},
+ 'replaces_global_anonymous_aci': True,
+ 'ipapermbindruletype': 'permission',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'objectclass', 'cn', 'automemberscope', 'automemberfilter',
+ 'automembergroupingattr', 'automemberdefaultgroup',
+ 'automemberdisabled',
+ },
+ 'default_privileges': {'Automember Readers',
+ 'Automember Task Administrator'},
+ },
+ 'System: Read Automember Rules': {
+ 'replaces_global_anonymous_aci': True,
+ 'ipapermbindruletype': 'permission',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'cn', 'objectclass', 'automembertargetgroup', 'description',
+ 'automemberexclusiveregex', 'automemberinclusiveregex',
+ },
+ 'default_privileges': {'Automember Readers',
+ 'Automember Task Administrator'},
+ },
+ }
 label = _('Auto Membership Rule') |
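Review bot: The `ipapermdefaultattr` set of 'System: Read Automember Rules' omits `automemberdefaultgroup`, although the class's `default_attributes` still lists it; the attribute is granted only by 'System: Read Automember Definitions'. Both permissions set `replaces_global_anonymous_aci` with `ipapermbindruletype: 'permission'`, so any attribute missing from these sets presumably becomes unreadable to everyone outside the two default privileges. If the omission is intentional, a comment above the Rules entry would record it, for example `# automemberdefaultgroup lives on automemberdefinition entries; covered by 'System: Read Automember Definitions'`. The diffstat is limited to this file, so it is not visible here whether the 'Automember Readers' and 'Automember Task Administrator' privileges are created elsewhere in the commit, and that is worth confirming. The class body continues outside the hunk.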