Hi!
To my surprise the following does NOT work as intended:
<openca>
<access_control>
... (other interfaces listed)
<permission>
<module>32</module>
<role>Customer</role>
<operation>getStaticPage|setLanguage|genMenu|getParams|test_cert|revoke_req</operation>
<owner>.*</owner>
</permission>
<permission>
<module>32</module>
<role>root</role>
<operation>.*</operation>
<owner>.*</owner>
</permission>
</access_control>
</openca>
Version: Some cvs-Version around RC5
Location: <OPENCADIR>/etc/rbac/acl.xml
Intention: The "Customer" should be able to do everything BESIDES the "lists" command.
Reality: The "Customer" can do everything what "root" can do.
Logfile gives no additional info; "map_role" is "no"; "map_operation" is "no";
password logins
for "root" and "Customer" work correctly; I guess I got something about openca-acls
seriously
wrong..but WHAT?
Regards
Michael Portz
--
accom GmbH & Co. KG
Grüner Weg 100
52070 Aachen
Tel: +49 241 918 5228
Fax: +49 241 918 5299
-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users