Logging just not to loose the track of it. If this is already addressed please close.
===========================================
Group to Group Delegation
A permission enables fine-grained delegation of permissions. Access Control Rules, or instructions (ACIs), grant permission to permissions to perform given tasks such as adding a user, modifying a group, etc.
I think this was getting updated to "A permission enables fine-grained delegation of rights" or something similar. The current terminology/phraseology is just confusing.
Group to Group Delegations grants the members of one group to update a set of attributes of members of another group.
This needs an update. Subjects and verbs don't agree, missing objects...
EXAMPLES:
Add a delegation rule to allow editors to edit admin's addresses: ipa delegation-add --attrs=street --membergroup=admins --group=editors 'editors edit admins street'
'editors edit admins street' s/admins/admin's/
Same goes for all the following:
When managing the list of attributes you need to include all attributes in the list, including existing ones. Add postalCode to the list: ipa delegation-mod --attrs=street,postalCode --membergroup=admins --group=editors 'editors edit admins street'
Display our updated rule: ipa delegation-show 'editors edit admins street'
Delete a rule: ipa delegation-del 'editors edit admins street'
I can provide updates when we're looking at 2.1 bugs
To make things clearer I'm going to use two new group names, managers and employees.
So the delegation will be "managers edit employees' addresses"
attachment freeipa-rcrit-849-delegation.patch
I reviewed the patch, and all the changes look good and grammatical.
master: aa2bd24
ipa-2-1: 3a9f626
Metadata Update from @dpal: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.1.1 (bug fixing)
Login to comment on this ticket.