On 07/25/2011 01:01 PM, Alexander Bokovoy wrote:
> On 25.07.2011 19:57, Jenny Galipeau wrote:
>>> 1. No option specified. Default case, run simulation against all
>>> enabled IPA rules.
>>>
>>> 2. --rules specified. Run simulation against only those rules in
>>> --rules.
>>>
>>> 3. --rules and --enabled specified. Run simulation against all enabled
>>> IPA rules _and_ additionally enable those in --rules. This is a case
>>> of testing new HBAC rules before going to production.
>> If you are not going to target specific rules, do you still have to supply
>> the --rules option on the command line? I would think just --enabled or
>> --disabled?
--rules is needed to specify additional rules.

> By default, if you don't supply --rules, --enabled, or --disabled, you
> are targeting all enabled IPA rules (case 1 above). This is default
> because this is what people would probably like to test: whether user is
> able to access the service.
>
> So, default one (no --rules, --enabled, or --disabled) would imply --enabled.
>

Ok are we settled on:

--enabled (if all flags are omitted this is default)
--disabled
--rules=a,b,c

or on

--enabled=A, B, C (if all flags are omitted this is default)
--disabled=X, Y, Z

>>> During test simulation of such access granting it is important to
>>> understand which rule has caused a problem, be it excessive access
>>> grant or premature deny. '--detail' is an option which allows to see how
>>> simulation went, which rules granted access and which denied.
>> Got it, so maybe it was just the wording in the help output that confused
>> me. "Details of the rule(s) being validated" ?
> Maybe "Show which rules are passed, denied, and invalid"?
>

Makes sense.

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
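The three rule-selection cases discussed in this thread, together with the per-rule passed/denied/invalid view proposed for '--detail', as an added sketch that is not FreeIPA code and not written by any participant in the thread. The `Rule` class, the function names, the sample rules, the meaning given to `disabled` (select all disabled rules) and the "granted if any selected rule matches" decision are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:  # simplified stand-in for an HBAC rule, not the IPA schema
    name: str
    enabled: bool
    users: frozenset
    hosts: frozenset
    services: frozenset

    def matches(self, user, host, service):
        return user in self.users and host in self.hosts and service in self.services

def select_rules(all_rules, rules=(), enabled=False, disabled=False):
    """Return (rules to simulate, names given in --rules that do not exist)."""
    if not rules and not enabled and not disabled:
        enabled = True  # case 1: no option means all enabled rules
    # Assumption: 'disabled' selects every disabled rule, mirroring 'enabled'.
    chosen = {r.name: r for r in all_rules
              if (enabled and r.enabled) or (disabled and not r.enabled)}
    by_name = {r.name: r for r in all_rules}
    invalid = []
    for name in rules:  # cases 2 and 3: named rules are added whatever their state
        if name in by_name:
            chosen[name] = by_name[name]
        else:
            invalid.append(name)  # a mistyped name is reported, not silently skipped
    return list(chosen.values()), invalid

def hbactest(all_rules, user, host, service, **options):
    """Simulate one access request; the per-rule lists are the --detail view."""
    selected, invalid = select_rules(all_rules, **options)
    passed = [r.name for r in selected if r.matches(user, host, service)]
    denied = [r.name for r in selected if r.name not in passed]
    # Assumption: access is granted when at least one selected rule matches.
    return {"granted": bool(passed), "passed": passed, "denied": denied, "invalid": invalid}

# Constructed sample rules; new_dev_ssh is a disabled rule awaiting production.
RULES = [
    Rule("allow_admins_ssh", True, frozenset({"admin1"}), frozenset({"web01"}), frozenset({"sshd"})),
    Rule("allow_web_http", True, frozenset({"dev1"}), frozenset({"web01"}), frozenset({"httpd"})),
    Rule("new_dev_ssh", False, frozenset({"dev1"}), frozenset({"web01"}), frozenset({"sshd"})),
]

if __name__ == "__main__":
    request = ("dev1", "web01", "sshd")
    print(hbactest(RULES, *request))                                   # case 1
    print(hbactest(RULES, *request, rules=["new_dev_ssh"]))            # case 2
    print(hbactest(RULES, *request, rules=["new_dev_ssh", "typo_rule"], enabled=True))  # case 3
```

In case 3 the mistyped rule name ends up in the `invalid` list while the two enabled rules still appear under `denied`, which is the distinction the proposed help text draws.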