[Fedora-directory-users] Show Effective Rights via the console
Richard Megginson
rmeggins at redhat.com
Wed Dec 6 17:01:32 UTC 2006
Jonathan Barber wrote:
> On Tue, Dec 05, 2006 at 11:41:51PM +0200, Ersin Er wrote:
>
>> Hi all,
>>
>> I am trying to use the "Show Effective Rights" feature via the console,
>> however I get nothing when I check the box. Just an "Entry Level Rights:"
>> label is displayed at the bottom of the window but no value is displayed for
>> neither the Entry nor attributes.
>>
>> Do I have to do some more configuration to make this work?
>>
>
> I would guess that this is probably because you're not binding as the
> Directory Manager, but rather the admin user, who doesn't have
> permission to see the effective rights of other entries.
>
> Now I have a question, is it possible to allow FDS to show the effective
> rights of any entry in the server for any user (read access to the entry
> permitting)? The documentation here:
>
> http://directory.fedora.redhat.com/wiki/Get_Effective_Rights_Design#.22G.22_Permission
>
> suggests not. Are there plans for this to change? I ask as I am writing
> an application for editing entries in FDS, and would like to customise
> the display to only show those actions on an entry that the user can
> actually make. I do not want to store the authentication credentials of
> the Directory Manager within the application.
>
Samba 4 needs a similar feature, and such a feature would be very useful
to all UI clients for the purpose you describe above - being able to
show the fields editable by the user, and optionally those which are
not. With Fedora DS, a field may not be editable for a number of
reasons, ACI being just one of them. Other reasons would be the
NO-USER-MODIFICATION field set in the schema, or the attribute value is
virtual, and other reasons are possible as well.
See
https://www.redhat.com/archives/fedora-directory-devel/2006-November/msg00000.html
for a discussion about this issue.
> Cheers.
>
>
>> Thanks.
>>
>> --
>> Ersin
>>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20061206/880a2a49/attachment.bin>
More information about the 389-users
mailing list