[Freeipa-devel] [PATCH] add more delegation rules
Simo Sorce
ssorce at redhat.com
Wed Apr 1 14:58:19 UTC 2009
On Mon, 2009-03-30 at 10:18 -0400, Rob Crittenden wrote:
> >
> > although I wonder if just allowing 'add'/'delete' is always
> sufficient
> > and you don't need 'write' ?
> >
> > Simo.
> >
>
> add lets you write any attribute during entry creation. Likewise
> delete
> permission lets you delete an entire entry, even if you lack write
> permission on one or more of the attributes.
Ok, that's what I thought, thanks for confirming.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list