On Mon, 2011-01-31 at 11:03 -0500, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Fri, 2011-01-28 at 18:48 -0500, Rob Crittenden wrote:
> >> Rob Crittenden wrote:
> >>> Rename permissions and privileges to more human-readable names. I'm also
> >>> dropping description from permissions since it seems redundant.
> >>>
> >>> Note that the entitlement acis are left untouched here, they are changed
> >>> in a pending patch (664).
> >>>
> >>> ticket 792
> >>>
> >>> rob
> >>
> >> I guess I should remove description from the pre-defined permission
> >> entries too.
> >>
> >> rob
> >
> > NACK
> >
> > I have found some minor inconsistencies in LDIF (except the entitlements
> > permission/privilege naming you mentioned in log):
> >
> > 1) A description is still present for several permissions:
> > Retrieve Certificates from the CA
> > Request Certificate
> > Request Certificates from a different host
> > Get Certificates status from the CA
> > Revoke Certificate
> > Certificate Remove Hold
> >
> > 2) Privilege cn=admins,cn=privileges,cn=pbac,$SUFFIX does not exist. I
> > know this was not changed by your patch, but I noticed it during the
> > review and now may be a good opportunity to fix it:
> >
> > dn: cn=Manage service keytab,cn=permissions,cn=pbac,$SUFFIX
> > changetype: add
> > objectClass: top
> > objectClass: groupofnames
> > cn: Manage service keytab
> > member: cn=Service Administrators,cn=privileges,cn=pbac,$SUFFIX
> > member: cn=admins,cn=privileges,cn=pbac,$SUFFIX<==
> >
> >
> > permission.py:
> >
> > 1) This uncommon number order may raise questions :-)
> >
> > 1. The name of the permission.
> > 3. The target of the permission.
> > 4. The permissions granted by the permission.
> >
> > 2) I would change default permission-add examples to follow our new
> > permission-naming format (more verbose one), i.e. instead of
> >
> > Add a permission that grants the creation of users:
> > ipa permission-add --type=user --permissions=add adduser
> >
> > I would like something like this:
> >
> > Add a permission that grants the creation of users:
> > ipa permission-add --type=user --permissions=add "Add Users"
> >
> >
> > Other changes seem OK.
> >
> > Martin
> >
> > _______________________________________________
> > Freeipa-devel mailing list
> > Freeipa-devel@redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-devel
>
> Updated patch attached

ACK.

Martin
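
The dangling member reference raised in item 2 of the LDIF review can be checked for mechanically before a patch is sent. The script below is an added example, not part of this thread or of FreeIPA's code: it reports member DNs that no entry in the same LDIF defines. The sample LDIF is constructed from the entry quoted in the review, and it assumes the Service Administrators privilege is defined in the same file.

```python
# Added example: report member DNs that no entry in the same LDIF defines.
import re

# Constructed sample based on the entry quoted in the review. The privilege
# entry for "Service Administrators" is assumed to live in the same file.
SAMPLE_LDIF = """\
dn: cn=Service Administrators,cn=privileges,cn=pbac,$SUFFIX
objectClass: top
objectClass: groupofnames
cn: Service Administrators

# permission quoted in the review (first member line folded on purpose)
dn: cn=Manage service keytab,cn=permissions,cn=pbac,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: Manage service keytab
member: cn=Service Administrators,cn=privileges,
 cn=pbac,$SUFFIX
member: cn=admins,cn=privileges,cn=pbac,$SUFFIX
"""

def norm_dn(dn):
    # Case-insensitive compare, ignoring spaces around RDN separators.
    # Escaped commas and base64 ("::") values are not handled here.
    return ",".join(part.strip() for part in dn.split(",")).lower()

def parse_ldif(text):
    """Yield (dn, [(attr, value), ...]) for each record in the LDIF text."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            attrs.append((attr.strip().lower(), value.strip()))
        dn = next((v for a, v in attrs if a == "dn"), None)
        if dn:
            yield dn, attrs

def dangling_members(text):
    """Return (entry dn, member dn) pairs whose member DN is never defined."""
    records = list(parse_ldif(text))
    defined = {norm_dn(dn) for dn, _ in records}
    return [(dn, v) for dn, attrs in records
            for a, v in attrs if a == "member" and norm_dn(v) not in defined]

if __name__ == "__main__":
    for entry, member in dangling_members(SAMPLE_LDIF):
        print(f"{entry}: member not defined in file: {member}")
```

A member defined in a different LDIF file would also be reported, so run it over the concatenation of all files that are loaded together.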