[Freeipa-devel] [PATCH] 695 rename permissions and privileges

Rob Crittenden rcritten at redhat.com
Mon Jan 31 16:03:17 UTC 2011


Martin Kosek wrote:
> On Fri, 2011-01-28 at 18:48 -0500, Rob Crittenden wrote:
>> Rob Crittenden wrote:
>>> Rename permissions and privileges to more human-readable names. I'm also
>>> dropping description from permissions since it seems redundant.
>>>
>>> Note that the entitlement acis are left untouched here, they are changed
>>> in a pending patch (664).
>>>
>>> ticket 792
>>>
>>> rob
>>
>> I guess I should remove description from the pre-defined permission
>> entries too.
>>
>> rob
>
> NACK
>
> I have found some minor inconsistencies in LDIF (except the entitlements
> permission/privilege naming you mentioned in log):
>
> 1) A description is still present for several permissions:
> Retrieve Certificates from the CA
> Request Certificate
> Request Certificates from a different host
> Get Certificates status from the CA
> Revoke Certificate
> Certificate Remove Hold
>
> 2) Privilege cn=admins,cn=privileges,cn=pbac,$SUFFIX does not exist. I
> know this was not changed by your patch, but I noticed it during the
> review and now may be a good opportunity to fix it:
>
> dn: cn=Manage service keytab,cn=permissions,cn=pbac,$SUFFIX
> changetype: add
> objectClass: top
> objectClass: groupofnames
> cn: Manage service keytab
> member: cn=Service Administrators,cn=privileges,cn=pbac,$SUFFIX
> member: cn=admins,cn=privileges,cn=pbac,$SUFFIX   <==
>
>
>
> permission.py:
>
> 1) This uncommon number order may raise questions :-)
>
> 1. The name of the permission.
> 3. The target of the permission.
> 4. The permissions granted by the permission.
>
> 2) I would change default permission-add examples to follow our new
> permission-naming format (more verbose one), i.e. instead of
>
>   Add a permission that grants the creation of users:
>     ipa permission-add --type=user --permissions=add adduser
>
> I would like something like this:
>
>   Add a permission that grants the creation of users:
>     ipa permission-add --type=user --permissions=add "Add Users"
>
>
>
> Other changes seem OK.
>
> Martin

Updated patch attached
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-695-3-permissions.patch
Type: text/x-patch
Size: 66564 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110131/c3f19147/attachment.bin>
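
The two LDIF findings from the review (a `member` value naming a privilege that no entry defines, and a `description` left on a permission) can be checked mechanically. The following is an added example, not part of the thread or of FreeIPA's code; the sample LDIF is constructed, the function names are hypothetical, and it assumes every referenced entry is defined in the same file.

```python
import re

# Constructed sample in the style of the entry quoted in the review;
# the privilege entry and the description value are made up for illustration.
SAMPLE_LDIF = """\
dn: cn=Service Administrators,cn=privileges,cn=pbac,$SUFFIX
objectClass: groupofnames
cn: Service Administrators

dn: cn=Manage service keytab,cn=permissions,cn=pbac,$SUFFIX
objectClass: groupofnames
cn: Manage service keytab
member: cn=Service Administrators,cn=privileges,cn=pbac,$SUFFIX
member: cn=admins,cn=privileges,cn=pbac,$SUFFIX

dn: cn=Revoke Certificate,cn=permissions,cn=pbac,$SUFFIX
objectClass: groupofnames
cn: Revoke Certificate
description: constructed placeholder description
"""

def norm(dn):
    """Case-insensitive DN comparison key, ignoring spaces around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_entries(text):
    """Return {normalized dn: [(attr, value), ...]} for a simple LDIF template."""
    entries = {}
    text = re.sub(r"\n ", "", text)  # unfold LDIF continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = [tuple(p.strip() for p in line.split(":", 1))
                 for line in block.splitlines()
                 if ":" in line and not line.startswith("#")]
        dn = next((v for a, v in pairs if a.lower() == "dn"), None)
        if dn:
            entries[norm(dn)] = pairs
    return entries

def review(text):
    """Flag members with no defining entry and permissions that keep a description."""
    entries, findings = parse_entries(text), []
    for dn, pairs in entries.items():
        for attr, value in pairs:
            if attr.lower() == "member" and norm(value) not in entries:
                findings.append(("dangling-member", dn, norm(value)))
            if attr.lower() == "description" and ",cn=permissions," in dn:
                findings.append(("has-description", dn, value))
    return findings
```

Members that legitimately live outside the file (users, groups created at install time) would show up as dangling here, so a real check needs an allow-list or a lookup against the directory.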

