#1421 Detect, report, and remove HBAC deny rules
Closed: Fixed None Opened 12 years ago by admiyo.

Recent changes remove HBAC deny rules. A system with these rules on there requires a deliberate approach to make sure that policy intent is still met by HBAC.

As part of the ipa_init batch command, run a query to find hbac-deny rules and return them as part of the batch result.

When initializing the webUI, if the user is an administrator, and there are Deny rules, provide a popup window with a warning message and a link to the HBAC rules. Include a message that states the administrator should refresh the browser to rerun the check for no deny rules.

Display the deny rules in red in the HBAC Rule table.


Metadata Update from @admiyo:
- Issue assigned to admiyo
- Issue set to the milestone: FreeIPA 2.1 - 2011/07

7 years ago
