[Freeipa-devel] [PATCH] add more delegation rules
Rob Crittenden
rcritten at redhat.com
Wed Apr 1 14:33:54 UTC 2009
Simo Sorce wrote:
> On Wed, 2009-03-25 at 11:17 -0400, Rob Crittenden wrote:
>> Fill in the ACIs and taskgroups for most of the plugins.
>>
>> This adds:
>> group administration
>> host administration
>> host group administration
>> delegation administration
>> service administration
>> automount administration
>> netgroup administration
>>
>> So far I've focused on granting write/add/del permissions. At some
>> point I may add in read/search ACIs as well.
>>
>> This still isn't going to, by default, allow one to grant write
>> access
>> to different containers as we still have a flat tree. The way that
>> can
>> be handled is by setting some attribute (say ou) to a value and then
>> adding that to the ACI. How one would do this without manually
>> updating
>> the ACI by hand is still up in the air. It may be that we still won't
>> support it directly but doing so will be a lot more possible in v2.
>
> ack
>
> although I wonder if just allowing 'add'/'delete' is always sufficient
> and you don't need 'write' ?
>
> Simo.
>
pushed to master
More information about the Freeipa-devel
mailing list