On Thursday, November 7, 2013 10:47:56 AM UTC-6, John Bollinger wrote: > > > > On Wednesday, November 6, 2013 5:50:35 AM UTC-6, Rob Reynolds wrote: >> >> Here is the ARM - >> https://github.com/puppetlabs/armatures/blob/master/arm-16.acls/index.md >> >> Also have some questions listed at >> https://github.com/puppetlabs/armatures/blob/master/arm-16.acls/index.md#open-questions >> >> > > And now for the "continue tearing it apart" part :-). Issues that occur > to me upon first reading of the ARM, in no particular order: > >
8. The ARM appears to indicate that Acl resources are expected to identify the object to which they apply via their titles. That is well, but it leaves me wondering why it is then necessary or appropriate for the Security_descriptor type to redundantly identify a DACL via property 'dacl'. 9. With respect to the note in the ARM about errors related to narrowing permissions, it would be highly desirable for the module to allow users to specify *minimum* permission requirements without having to declare *exact*permissions. That is, if I want to declare that some user can read a certain file, but I don't care whether he can modify it, then I don't want to be stuck guessing at or managing that file's inherited permissions in order to specify an acceptable exact set of permissions for that user. John -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/18e68401-3f16-4551-850a-18a3c68eb8ed%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
