Issue #4346: Convert write permissions to managed - freeipa

freeipa

#4346 Convert write permissions to managed

Closed: Fixed None Opened 9 years ago by pviktori.

As part of the access control effort (#3566 and related tickets), we want to change existing default permissions to be managed permissions.

Tickets #3697, #4344 should be fixed as part of this change.

pviktori commented 9 years ago

In addition to #3697 and #4344, tickets #4252 and #3942 should also be fixed as the permissions are migrated.

pviktori commented 9 years ago

The first batch of commits is in master:

acb2ca4 Add mechanism for updating permissions to managed
91a5aec Convert Sudo rule default permissions to managed
f802845 Add missing attributes to 'Modify Sudo rule' permission

mkosek commented 9 years ago

master:

e0cafea managed perm updater: Handle case where we changed default ACIs in the past
53a63ae Convert User default permissions to managed
46faed0 Add missing attributes to User managed permissions

pviktori commented 9 years ago

non-SYSTEM default perms for DNS:

16ee684 managed permission updater: Add mechanism to replace SYSTEM permissions
853b6ef Convert DNS default permissions to managed
700ac6c Remove the update_dns_permissions plugin

pviktori commented 9 years ago

pwpolicy & costemplate:

83cb982 Add $REALM to variables supported by the managed permission updater
ca465e8 Convert COSTemplate default permissions to managed
49e8325 Convert Password Policy default permissions to managed

pviktori commented 9 years ago

host:

8a51103 Convert Host default permissions to managed
14e2eb9 host permissions: Allow writing attributes needed for automatic enrollment

mkosek commented 9 years ago

master:

afac09b Convert Automount default permissions to managed
af36627 Convert Group default permissions to managed
81d8c8a Convert HBAC Rule default permissions to managed
49abbb1 Convert HBAC Service default permissions to managed
8e8e6b1 Convert HBAC Service Group default permissions to managed
978af07 Convert Hostgroup default permissions to managed
0c4d13e Convert Netgroup default permissions to managed
f881f06 Convert the Modify privilege membership permission to managed
820a604 Convert Role default permissions to managed
f8dc518 Convert SELinux User Map default permissions to managed
439dd7f Convert Service default permissions to managed
6b47862 Convert Sudo Command default permissions to managed
52003a9 Convert Sudo Command Group default permissions to managed
175b19b Add several CRUD default permissions
628bed8 test_permission_plugin: Fix permission_find test for legacy permissions

mkosek commented 9 years ago

System permissions are not converted yet, but that part is not required for 4.0 and can be changed later.

I am thus closing this ticket as fixed.

Metadata Update from @pviktori:
- Issue assigned to pviktori
- Issue set to the milestone: FreeIPA 4.0 - 2014/06

7 years ago

Metadata

Assignee

pviktori

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.0 - 2014/06

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

Access control

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

tester

None

changelog

None

design

None

freeipa

Source Code

#4346 Convert write permissions to managed Closed: Fixed None Opened 9 years ago by pviktori.

Metadata

#4346 Convert write permissions to managed

Closed: Fixed None Opened 9 years ago by pviktori.