[Freeipa-devel] [PATCH] add more delegation rules
Rob Crittenden
rcritten at redhat.com
Wed Mar 25 15:17:03 UTC 2009
Fill in the ACIs and taskgroups for most of the plugins.
This adds:
group administration
host administration
host group administration
delegation administration
service administration
automount administration
netgroup administration
So far I've focused on granting write/add/del permissions. At some
point I may add in read/search ACIs as well.
This still isn't going to, by default, allow one to grant write access
to different containers as we still have a flat tree. The way that can
be handled is by setting some attribute (say ou) to a value and then
adding that to the ACI. How one would do this without manually updating
the ACI by hand is still up in the air. It may be that we still won't
support it directly but doing so will be a lot more possible in v2.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-169-delegation.patch
Type: application/mbox
Size: 16238 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090325/104d6571/attachment.mbox>
More information about the Freeipa-devel
mailing list