[
https://issues.apache.org/jira/browse/DIRSERVER-989?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ersin Er closed DIRSERVER-989.
------------------------------
> allAttributeValues protected item is not handled correctly by the
> Authorization subsystem in Modify operations
> --------------------------------------------------------------------------------------------------------------
>
> Key: DIRSERVER-989
> URL: https://issues.apache.org/jira/browse/DIRSERVER-989
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Affects Versions: 1.0.2, 1.5.0
> Reporter: Ersin Er
> Assignee: Ersin Er
> Fix For: 1.5.1, 1.0.3
>
>
> allAttributeValues protectedItem only applies to attribute values, not
> attribute types. So if grantAdd is permitted only for allAttributeValue, only
> a new value to an existing attribute can be added. To create a new attribute
> with an initial value, grantAdd permission is needed for both the attribute
> type and the value. This can be achieved with several combinations like
> {attributeType{X}, attributeValue{Y}}, {attributeType{X},
> allAttributeValues}, {allAttributeTypes, attributeValues},
> {allUserAttributeValuesAndTypes}. The same approach applies to modifications
> including deletes.
> The explanations here are based on the Security chapter of the X.500 spec and
> and the related chapter in the X.500 book by Chadwick.
> To comply with this approach, modify operations should be handled with more
> granularity in the AuthorizationService and some existing unit tests need to
> be updated.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
