> > > value_authorization Authorizations allow changing the
> > > values of any property of the property
> > > - group except modify_authorization.
> > > + group except modify_authorization, and
> > > + the retrieval of any property values
> > > + except modify_authorization from the
> > > + property group if sensitive.
> >
> > Does this case modify the action of value_authorization with
> > respect to modify_authorization? I'm not sure what it is
> > saying. I can read it as saying the value_authorization
> > doesn't allow the retrieval of the value of a modify_authorization
> > that is present in a sensitive property group. I'm not sure
> > that makes sense.
> >
> > The way I've read this proposal, if I can change the sensitive
> > property value, I can read it. Please clarify.
>
> Correct - if you can change it, you can read it. Having an
> authorization named by value_authorization is not sufficient to change
> the values of modify_authorization; therefore, for sensitive property
> groups, neither is it sufficient to read those values.
Hummm, the reply doesn't make sense to me. Maybe I still don't
understand it.
Without authorization can't I read all property values today,
including the ones I can't set? It seems to me that I should
be able to read all the property values, including the ones I
can't set that do not have a read_authorization associated with
them. I don't see a reason to change this. If changed, it
would seem to be an incompatible change.
tundra.eng-gww[141]: svcprop network/ipv4-forwarding
routeadm/default-ipv4-forwarding boolean false
routeadm/value_authorization astring solaris.smf.value.routing
Gary..
