Diffstat (limited to 'ipalib/plugins/role.py')
-rw-r--r--ipalib/plugins/role.py13
1 files changed, 13 insertions, 0 deletions
diff --git a/ipalib/plugins/role.py b/ipalib/plugins/role.py
index 2837c418b..04088b82a 100644
--- a/ipalib/plugins/role.py
+++ b/ipalib/plugins/role.py
@@ -66,6 +66,7 @@ class role(LDAPObject):
object_name = _('role')
object_name_plural = _('roles')
object_class = ['groupofnames', 'nestedgroup']
+ permission_filter_objectclasses = ['groupofnames']
default_attributes = ['cn', 'description', 'member', 'memberof',
'memberindirect', 'memberofindirect',
]
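Review bot: `permission_filter_objectclasses` lists only `groupofnames`, a generic group objectclass, while `object_class` on the line above also carries `nestedgroup`, and nothing says why the filter is narrower. If the managed permission added in the second hunk builds its target filter from this list, the filter alone will not tell roles apart from other `groupofnames` entries, so the scoping presumably depends on the role container subtree. I would add a comment such as `# objectclass filter for managed-permission ACIs; scope also depends on the role container` and confirm that only role entries live under that container. The class body starts before and continues after this hunk.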
@@ -77,6 +78,18 @@ class role(LDAPObject):
'member': ['privilege'],
}
rdn_is_primary_key = True
+ managed_permissions = {
+ 'System: Read Roles': {
+ 'replaces_global_anonymous_aci': True,
+ 'ipapermbindruletype': 'permission',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'businesscategory', 'cn', 'description', 'member', 'memberof',
+ 'o', 'objectclass', 'ou', 'owner', 'seealso',
+ },
+ 'default_privileges': {'RBAC Readers'},
+ },
+ }
label = _('Roles')
label_singular = _('Role')
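Review bot: The `'System: Read Roles'` entry has no comment stating its access model. That matters because `'replaces_global_anonymous_aci': True` together with `'ipapermbindruletype': 'permission'` appears to narrow read access on role entries from the global anonymous ACI to holders of the `RBAC Readers` privilege. I would put a comment above `managed_permissions` along the lines of `# Replaces the anonymous read ACI: only 'RBAC Readers' members may read/search/compare roles, including member/memberof`, so a later audit can see that exposing role membership to that privilege is intended. `default_attributes` in the first hunk also lists `memberindirect` and `memberofindirect`, which are absent from `ipapermdefaultattr`. That is fine if they are computed from `member`/`memberof`, but it is worth confirming that role lookups return the same attributes for an `RBAC Readers` member as before. The enclosing class starts before and continues after this hunk.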