I saw the new privileges and permissions for the Staged Users functionality and
found couple spelling/English issues that I think we should fix before Alpha/GA
so that we can just rename them and not care about upgrade changes.
# ipa permission-find stage | grep -i "Permission name"
Permission name: System: Add Stage Users by Provisioning and Administrators
Should be "System: Add Stage User"
Permission should not care who will do it, it is privilege/role's job.
Permission name: System: Delete modify Stage Users by administrators
Why is Modify and Delete combined in 1 permission?
Should be "System: Modify Stage User" and "System: Remove Stage User"
Permission name: System: Preserve an active user to a delete Users
Maybe "System: Preserve User"? We do not use "deleted users" bur rather
"preserved users anyway"
Permission name: System: Reactive delete users
"System: Undelete User" to reflect the command name.
Permission name: System: Read Stage User kerberos principal key and password
Rather "System: Read Stage User password" - I do not think we need to call out
the principal key explicitly, but this is negotiable.
Permission name: System: Read Stage Users by administrators
"System: Read Stage Users"
Permission name: System: Read/Write delete Users by administrators
This needs to be 2 permissions:
"System: Read Preserved Users"
"System: Modify Preserved Users"
Permission name: System: Reset userPassord and kerberos keys of delete users
Rather "System: Reset Preserved User password"
Permission name: System: Write Active Users RDN by administrators
Rather "System: Modify User RDN"
Permission name: System: Write Delete Users RDN by administrators
Why is this permission needed, isn't "System: Modify Preserved Users" enough?
Martin Kosek <mko...@redhat.com>
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code