[Freeipa-devel] [389-devel] Design review (second): Access control on entries specified in MODDN operation (ticket 47553)
thierry bordaz
tbordaz at redhat.com
Thu Feb 27 15:46:12 UTC 2014
Hello,
Thanks to all your feedbacks, they helped me a lot and raised a severe
limitation in the original design.
I updated the design following the aci syntax proposed during the
discussion.
On the implementation side, it is a bit more complex but less than I
expected. I have not yet investigated the impact of ger operations.
I think a big work will be the test side as the ACI syntax provides many
options.
http://port389.org/wiki/Access_control_on_trees_specified_in_MODDN_operation
Note: I kept for the moment the original design in 'alternative no1'.
regards
thierry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140227/e273d575/attachment.htm>
More information about the Freeipa-devel
mailing list