[Freeipa-devel] Access control

Karl MacMillan kmacmill at redhat.com
Tue Sep 11 18:21:32 UTC 2007


I started a page on access control for v1 at
http://freeipa.org/page/AccessControl. Not a whole lot there right now -
just some use cases and initial thoughts.

I have some questions:

How do we control which users / groups a user can modify or read? The
FDS ACIs allow all sorts of control over which entry a user can access
(by DN, LDAP search, etc.). I'd like to present enough power while
keeping things simple.

How can we determine what access a user has without trying an action?
This is needed for presenting editing forms that don't allow you to make
modifications of entries you're not allowed to edit.

Should we show blank fields if the user can't read an attribute or just
omit the field altogether?

Karl



