On Thu, Nov 7, 2013 at 1:35 PM, John Bollinger <john.bollin...@stjude.org>wrote:
> > > On Thursday, November 7, 2013 10:47:56 AM UTC-6, John Bollinger wrote: >> >> >> >> On Wednesday, November 6, 2013 5:50:35 AM UTC-6, Rob Reynolds wrote: >>> >>> Here is the ARM - https://github.com/puppetlabs/armatures/blob/ >>> master/arm-16.acls/index.md >>> >>> Also have some questions listed at https://github.com/puppetlabs/ >>> armatures/blob/master/arm-16.acls/index.md#open-questions >>> >>> >> >> And now for the "continue tearing it apart" part :-). Issues that occur >> to me upon first reading of the ARM, in no particular order: >> >> > > 8. The ARM appears to indicate that Acl resources are expected to > identify the object to which they apply via their titles. That is well, > but it leaves me wondering why it is then necessary or appropriate for the > Security_descriptor type to redundantly identify a DACL via property 'dacl'. > Actually that is not the case. It is just a unique title so an ACL could be applied to multiple security descriptor types. Note that nowhere is a path defined here: https://github.com/puppetlabs/armatures/blob/master/arm-16.acls/index.md#acl-type > > 9. With respect to the note in the ARM about errors related to narrowing > permissions, it would be highly desirable for the module to allow users to > specify *minimum* permission requirements without having to declare > *exact* permissions. That is, if I want to declare that some user can > read a certain file, but I don't care whether he can modify it, then I > don't want to be stuck guessing at or managing that file's inherited > permissions in order to specify an acceptable exact set of permissions for > that user. > > > John > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-dev+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-dev/18e68401-3f16-4551-850a-18a3c68eb8ed%40googlegroups.com > . > > For more options, visit https://groups.google.com/groups/opt_out. > -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/CAMJiBK6hnChTrxn9i5PSaLofbJ3C%3D4_Ym4CKZvDk7-MUOnUFng%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
