Hi Martin, 

> I am currently on vacation and cannot dig into the code. If I remember
> correctly a user may request revocation for certificates requested by
> the same user id. If you wish to change this behavior you need to change
> acl.xml for the role "User". If I remember correctly there is a workflow
> acl entry that limits creation of CRRs to $creator. Change this to *
> (see RA Officer or CA Officer for reference) and you should be fine.


I tried the following in the user section of acl.xml, but the error still
remains:


<read>
<!-- <creator>$self</creator> -->
<creator>.*</creator>
<type>I18N_OPENXPKI_WF_TYPE_CERTIFICATE_REVOCATION_REQUEST</type>
</read>
<read>


Furthermore, I am sending you the error log:

2010/09/09 10:17:35 openxpki.system.DEBUG [OpenXPKI::Server::API (911)] Method 'get_current_config_id' called via API
2010/09/09 10:17:35 openxpki.auth.INFO [OpenXPKI::Server::ACL (/usr/lib/perl5/site_perl/5.10.0/i586-linux-thread-multi/OpenXPKI/Server/ACL.pm:584)] Exception: I18N_OPENXPKI_SERVER_ACL_AUTHORIZE_PERMISSION_DENIED; __PKI_REALM__ => I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA; __AFFECTED_ROLE__ => ; __ACTIVITY__ => Workflow::create_crr; __AUTH_ROLE__ => User
2010/09/09 10:17:35 Workflow.Exception.ERROR condition_error exception thrown from [OpenXPKI::Server::Workflow::Condition::ACL: 57; before: Workflow::State: 149]: ARRAY(0xa6dda5c)
2010/09/09 10:17:35 Workflow.Exception.ERROR workflow_error exception thrown from [Workflow::State: 154; before: Workflow::State: 57]: No access to action 'create_crr' in state 'INITIAL' because: ARRAY(0xa6dda5c)

Best Regards
Scott Thomas


      
_______________________________________________
OpenXPKI-users mailing list
https://lists.sourceforge.net/lists/listinfo/openxpki-users
