On Fri, Aug 17, 2012 at 10:36:17AM +0200, Lars Marowsky-Bree wrote: > On 2012-08-17T08:19:45, Ulrich Windl <ulrich.wi...@rz.uni-regensburg.de> > wrote: > > There is a acess control concept (ACLs) based on XPath. Unfortunately > > that would require to exactly describe the data model of the CIB to > > really implement proven access restrictions. It's a bit > > complicated... > > The ACL model targets common use cases like "I want my operations staff > to see, but not modify" or "This person is allowed to see, but only > start/stop a single resource". These use cases are trivial to express in > the shell, for example.
There are shortcuts for all common constructs. Unless one has a really complex security requirements, the set of ACL rules should never need to make use of XPath. We spent quite some time discussing this in order to make it as easy as possible for end users. Thanks, Dejan _______________________________________________ Linux-HA mailing list Linux-HA@lists.linux-ha.org http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems