[Pki-users] confused about access control list

Christina Fu cfu at redhat.com
Fri Apr 24 16:31:09 UTC 2015


On 04/22/2015 02:17 AM, Ali Khalidi wrote:
> I've tried a simple example of using the ACL to block profile listing
> and it works. However, I want to disable a CA agent from
> submitting/approving or executing any enrollment requests. I've gone
> through all the ACLs, and whenever I encountered a submit right, I
> flipped it to deny. Despite that, the agent is still able to submit and
> enroll certificates.
>
Information on access control can be found here:
https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Authorization_for_CRTS_Users.html

It would help if you gave us an ACL example that you tried that does not
work.

>
> Another aspect: I was looking into the user_orgreq ACL plugin. Can
> someone provide an example of how this can be used in the context
> of ACLs?

The user_origreq is an access evaluator plugin for the
UserOrigReqAccessEvaluator.  Its primary purpose is for access control
during renewal.  It checks to see that the authenticated user and the
original request ownership match.

Hope this helps.

>
> thanks,
>