[Freeipa-devel] Draft: Read permissions for user

Martin Kosek mkosek at redhat.com
Wed Apr 16 13:47:01 UTC 2014


On 04/16/2014 03:41 PM, Simo Sorce wrote:
> On Wed, 2014-04-16 at 15:08 +0200, Martin Kosek wrote:
>> On 04/15/2014 04:55 PM, Petr Viktorin wrote:
...
>>> [mepOriginEntry]
>>>     mepManagedEntry
>>
>> This is used to bind a user to its private group. We use it for example in
>> group-detach command to distinguish between managed and non-managed groups.
>>
>> We may want to show it to all authenticated users.
> 
> Do we need to ?
> It is only interesting for internal/administrative operations.

After reading the code closely, I see we mostly decide whether an object is
managed or not by the presence of the mepManagedEntry _objectclass_. Reading the
attribute may not be required if we do not want to display it.

We just need to allow it for people operating the group-detach command, as it
writes to it.

Martin



