Managed permission #107

tiran · 2020-06-02T14:00:15Z

Use managaged permisions for read access and self-service permissions
for self-write access. IPA does not (yet) support managed permissions
with self-write bind rule.

Signed-off-by: Christian Heimes cheimes@redhat.com

Use managaged permisions for read access and self-service permissions for self-write access. IPA does not (yet) support managed permissions with self-write bind rule. Signed-off-by: Christian Heimes <cheimes@redhat.com>

Make it possible to create a managed permission with ipapermbindruletype="self". The ACI will have bind rule '(userdn = "ldap:///self")'. Example ------- Allow users to modify their own fasTimezone and fasIRCNick attributes: ``` managed_permissions = { "System: Self-Modify FAS user attributes": { "ipapermright": {"write"}, "ipapermtargetfilter": ["(objectclass=fasuser)"], "ipapermbindruletype": "self", "ipapermdefaultattr": ["fasTimezone", "fasIRCNick"], } } ``` See: fedora-infra/freeipa-fas#107 Fixes: https://pagure.io/freeipa/issue/8348 Signed-off-by: Christian Heimes <cheimes@redhat.com>

Make it possible to create a managed permission with ipapermbindruletype="self". The ACI will have bind rule '(userdn = "ldap:///self")'. Example ------- Allow users to modify their own fasTimezone and fasIRCNick attributes: ``` managed_permissions = { "System: Self-Modify FAS user attributes": { "ipapermright": {"write"}, "ipapermtargetfilter": ["(objectclass=fasuser)"], "ipapermbindruletype": "self", "ipapermdefaultattr": ["fasTimezone", "fasIRCNick"], } } ``` See: fedora-infra/freeipa-fas#107 Fixes: https://pagure.io/freeipa/issue/8348 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>

Managed permission

bd34ff7

Use managaged permisions for read access and self-service permissions for self-write access. IPA does not (yet) support managed permissions with self-write bind rule. Signed-off-by: Christian Heimes <cheimes@redhat.com>

abompard merged commit 6730fdb into fedora-infra:master Jun 2, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Managed permission #107

Managed permission #107

tiran commented Jun 2, 2020

Managed permission #107

Managed permission #107

Conversation

tiran commented Jun 2, 2020