Diffstat (limited to 'ipalib/plugins/service.py')
-rw-r--r--ipalib/plugins/service.py30
1 files changed, 30 insertions, 0 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index 0572a0ae2..8d6a14711 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -330,6 +330,36 @@ class service(LDAPObject):
'krbobjectreferences',
},
},
+ 'System: Add Services': {
+ 'ipapermright': {'add'},
+ 'replaces': [
+ '(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Add Services";allow (add) groupdn = "ldap:///cn=Add Services,cn=permissions,cn=pbac,$SUFFIX";)',
+ ],
+ 'default_privileges': {'Service Administrators'},
+ },
+ 'System: Manage Service Keytab': {
+ 'ipapermright': {'write'},
+ 'ipapermdefaultattr': {'krblastpwdchange', 'krbprincipalkey'},
+ 'replaces': [
+ '(targetattr = "krbprincipalkey || krblastpwdchange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Manage service keytab";allow (write) groupdn = "ldap:///cn=Manage service keytab,cn=permissions,cn=pbac,$SUFFIX";)',
+ ],
+ 'default_privileges': {'Service Administrators'},
+ },
+ 'System: Modify Services': {
+ 'ipapermright': {'write'},
+ 'ipapermdefaultattr': {'usercertificate'},
+ 'replaces': [
+ '(targetattr = "usercertificate")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Modify Services";allow (write) groupdn = "ldap:///cn=Modify Services,cn=permissions,cn=pbac,$SUFFIX";)',
+ ],
+ 'default_privileges': {'Service Administrators'},
+ },
+ 'System: Remove Services': {
+ 'ipapermright': {'delete'},
+ 'replaces': [
+ '(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Remove Services";allow (delete) groupdn = "ldap:///cn=Remove Services,cn=permissions,cn=pbac,$SUFFIX";)',
+ ],
+ 'default_privileges': {'Service Administrators'},
+ },
}
label = _('Services')
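Review bot: The 'System: Manage Service Keytab' entry grants write on `krbprincipalkey` and `krblastpwdchange`, which is key material rather than ordinary metadata, yet nothing in the hunk marks it as more sensitive than its siblings. A holder of this permission can replace a service's Kerberos keys, so I would add a comment above the entry such as `# Credential-level right: write on krbprincipalkey allows re-keying any service principal; audit membership of privileges that include it.` None of the four entries sets an explicit target, so the scope presumably comes from the object's container and class defaults rather than from the `krbprincipalname=*,cn=services,cn=accounts,$SUFFIX` target of the replaced ACIs. It is worth confirming that the generated ACI is no broader than the legacy one. The enclosing permissions dict starts outside the hunk.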