On 06/10/2015 10:01 AM, David Kupka wrote: > On 06/10/2015 09:12 AM, Martin Kosek wrote: >> Hello Thierry/David, >> >> I saw the new privileges and permissions for the Staged Users functionality >> and >> found couple spelling/English issues that I think we should fix before >> Alpha/GA >> so that we can just rename them and not care about upgrade changes. >> >> Namely: >> >> # ipa permission-find stage | grep -i "Permission name" >> Permission name: System: Add Stage Users by Provisioning and >> Administrators >> >> Should be "System: Add Stage User" >> >> Permission should not care who will do it, it is privilege/role's job. >> >> Permission name: System: Delete modify Stage Users by administrators >> >> Why is Modify and Delete combined in 1 permission? >> >> Should be "System: Modify Stage User" and "System: Remove Stage User" >> >> Permission name: System: Preserve an active user to a delete Users >> >> Maybe "System: Preserve User"? We do not use "deleted users" bur rather >> "preserved users anyway" >> >> Permission name: System: Reactive delete users >> >> "System: Undelete User" to reflect the command name. >> >> Permission name: System: Read Stage User kerberos principal key and >> password >> >> Rather "System: Read Stage User password" - I do not think we need to call >> out >> the principal key explicitly, but this is negotiable. >> >> Permission name: System: Read Stage Users by administrators >> >> "System: Read Stage Users" >> >> Permission name: System: Read/Write delete Users by administrators >> >> This needs to be 2 permissions: >> >> "System: Read Preserved Users" >> "System: Modify Preserved Users" >> >> Permission name: System: Reset userPassord and kerberos keys of delete >> users >> by administrator >> >> Rather "System: Reset Preserved User password" >> >> Permission name: System: Write Active Users RDN by administrators >> >> Rather "System: Modify User RDN" >> >> Permission name: System: Write Delete Users RDN by administrators >> >> Why is this permission needed, isn't "System: Modify Preserved Users" enough? >> > Hello, > it's probably my fault, I should have paid more attention when reviewing the > patch set. I created ticket https://fedorahosted.org/freeipa/ticket/5057 and > can fix it. >
Great, thanks! Ideally, this should be fixed for Alpha - it should not be that hard, the names are now already proposed. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
