Diffstat (limited to 'ipalib/plugins/role.py')
-rw-r--r-- | ipalib/plugins/role.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/ipalib/plugins/role.py b/ipalib/plugins/role.py
index 2837c418b..04088b82a 100644
--- a/ipalib/plugins/role.py
+++ b/ipalib/plugins/role.py
@@ -66,6 +66,7 @@ class role(LDAPObject):
 object_name = _('role')
 object_name_plural = _('roles')
 object_class = ['groupofnames', 'nestedgroup']
+ permission_filter_objectclasses = ['groupofnames']
 default_attributes = ['cn', 'description', 'member', 'memberof', 'memberindirect', 'memberofindirect', ]
@@ -77,6 +78,18 @@ class role(LDAPObject):
 'member': ['privilege'],
 }
 rdn_is_primary_key = True
+ managed_permissions = {
+ 'System: Read Roles': {
+ 'replaces_global_anonymous_aci': True,
+ 'ipapermbindruletype': 'permission',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'businesscategory', 'cn', 'description', 'member', 'memberof',
+ 'o', 'objectclass', 'ou', 'owner', 'seealso',
+ },
+ 'default_privileges': {'RBAC Readers'},
+ },
+ }
 label = _('Roles')
 label_singular = _('Role') |
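Review bot: In the first hunk, `permission_filter_objectclasses` lists only `groupofnames` while `object_class` on the line above it also carries `nestedgroup`, and the reason for the narrower filter is not recorded. `groupofnames` is a generic class, so the managed permission's target is presumably bounded by the subtree it is applied to, which this hunk does not show; it is worth confirming that no other `groupofnames` entries live under the same container. If that holds, a comment such as `# ACI target filter for managed permissions; role entries are distinguished by container, not by objectclass` would save the next reader the lookup. The class body starts and ends outside the hunk.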
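Review bot: In the second hunk, `'ipapermbindruletype': 'permission'` together with `'replaces_global_anonymous_aci': True` appears to move role reads from the global anonymous ACI to holders of `RBAC Readers` only, and nothing in the entry records that this tightening is intended. A client that reads `member` or `memberof` on roles without that privilege would presumably get entries with those attributes silently missing after an upgrade rather than an error, which is hard to diagnose. I would put a comment above the entry, e.g. `# Role membership is RBAC data: readable only through the 'RBAC Readers' privilege, no longer anonymously`. The diffstat shows only role.py changed, so a test asserting that an unprivileged bind cannot read these attributes would be a useful companion.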