Issue #4034: New permissions system - freeipa

freeipa

#4034 New permissions system

Closed: Fixed None Opened 10 years ago by pviktori.

Split out from https://fedorahosted.org/freeipa/ticket/3566

Permission ACIs can be in the specific subtree they apply to
All ACI data is stored in the Permission entry (easier searching, manipulation, audit)
Allow read/search/compare permissions (small change lumped in here)
Ensure backward compatibility with old servers

This will enable/simplify other ACI changes: https://fedorahosted.org/freeipa/ticket/4032 https://fedorahosted.org/freeipa/ticket/4033

mkosek commented 10 years ago

master:

423bb38 Test adding noaci/system permissions to privileges[[BR]]
d38748d Make sure SYSTEM permissions can be retreived with --all --raw[[BR]]
7fc35ce permission plugin: Ensure ipapermlocation (subtree) always exists[[BR]]
53caa7a Roll back ACI changes on failed permission updates[[BR]]
f47669a Verify ACIs are added correctly in tests[[BR]]
d7ee87c Rewrite the Permission plugin[[BR]]
445634d Add new permission schema[[BR]]
8ddb5da Add tests for permission plugin with older clients[[BR]]
a1236b6 Allow Declarative test classes to specify the API version[[BR]]
a8ba5e0 Allow sets for initialization of frozenset-typed Param keywords[[BR]]

Metadata Update from @pviktori:
- Issue assigned to pviktori
- Issue set to the milestone: FreeIPA 4.0 - 2013/12

7 years ago

Metadata

Assignee

pviktori

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.0 - 2013/12

None

affects_doc

None

source

None

knownissue

None

type

task

blockedby

None

test_case

None

component

IPA

blocking

#3566

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

tester

None

changelog

None

design

http://www.freeipa.org/page/V3/Permissions_V2

freeipa

Source Code

#4034 New permissions system Closed: Fixed None Opened 10 years ago by pviktori.

Metadata

#4034 New permissions system

Closed: Fixed None Opened 10 years ago by pviktori.