[Freeipa-devel] ACI permissions UI up for review

Dmitri Pal dpal at redhat.com
Mon Dec 13 20:12:43 UTC 2010


Adam Young wrote:
> On 12/13/2010 11:27 AM, Dmitri Pal wrote:
>> >
>> > Sorry, this whole part just does not make sense to me. What is the target
>> > group? Where did it come from?
>> >
>>   
> One ACI that uses this is 'add_user_to_default_group'. This is used in
> the permission 'useradmin'.
>
>
>  The json response for permission-show looks like this:
> {
>     "error": null,
>     "id": 2,
>     "result": {
>         "result": {
>             "attributelevelrights": {
>                 "aci": "rscwo",
>                 "businesscategory": "rscwo",
>                 "cn": "rscwo",
>                 "description": "rscwo",
>                 "member": "rscwo",
>                 "nsaccountlock": "rscwo",
>                 "o": "rscwo",
>                 "objectclass": "rscwo",
>                 "ou": "rscwo",
>                 "owner": "rscwo",
>                 "seealso": "rscwo"
>             },
>             "attrs": [
>                 "member"
>             ],
>             "cn": [
>                 "add_user_to_default_group"
>             ],
>             "description": [
>                 "Add user to default group"
>             ],
>             "dn": "cn=add_user_to_default_group,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
>             "member_privilege": [
>                 "useradmin"
>             ],
>             "objectclass": [
>                 "top",
>                 "groupofnames"
>             ],
>             "permissions": [
>                 "write"
>             ],
>             "targetgroup": "ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
>         },
>         "summary": null,
>         "value": "add_user_to_default_group"
>     }
> }
>   
IMO this is a special case and should end up in the generic LDAP filter.
Rob, it seems this case is unclear and we need to sort it out.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

