Jonathan Barber wrote:
On Tue, Dec 05, 2006 at 11:41:51PM +0200, Ersin Er wrote:
> Hi all,
>
> I am trying to use the "Show Effective Rights" feature via the console,
> however I get nothing when I check the box. Just an "Entry Level Rights:"
> label is displayed at the bottom of the window but no value is displayed for
> neither the Entry nor attributes.
>
> Do I have to do some more configuration to make this work?
>
I would guess that this is probably because you're not binding as the
Directory Manager, but rather the admin user, who doesn't have
permission to see the effective rights of other entries.
Now I have a question, is it possible to allow FDS to show the effective
rights of any entry in the server for any user (read access to the entry
permitting)? The documentation here:
http://directory.fedora.redhat.com/wiki/Get_Effective_Rights_Design#.22G....
suggests not. Are there plans for this to change? I ask as I am writing
an application for editing entries in FDS, and would like to customise
the display to only show those actions on an entry that the user can
actually make. I do not want to store the authentication credentials of
the Directory Manager within the application.
Samba 4 needs a similar feature, and such a feature would be very useful
to all UI clients for the purpose you describe above - being able to
show the fields editable by the user, and optionally those which are
not. With Fedora DS, a field may not be editable for a number of
reasons, ACI being just one of them. Other reasons would be the
NO-USER-MODIFICATION field set in the schema, or the attribute value is
virtual, and other reasons are possible as well.
See
https://www.redhat.com/archives/fedora-directory-devel/2006-November/msg0...
for a discussion about this issue.
Cheers.
> Thanks.
>
> --
> Ersin
>