Re: [Pki-users] confused about access control list
On 04/22/2015 02:17 AM, Ali Khalidi wrote:
I've tried a simple example of using the ACL to block profile
listing
and it works. however, I want to disable a CA agent from
submitting/approving or executing any enrollment requests. I've went
through all the ACLs, and whenever I encountered a submit right, I
flipped to deny. despite that the agent still is able to submit and
enroll certificates.
information on access control can be found here:
https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/...
It would help if you give us an acl example that you tried that does not
work?
another aspect, I was looking into the user_orgreq ACL plugin. can
someone provide and an example on how this can be used in the context
of ACLs?
The user_origreq is an access evaluator plugin for the
UserOrigReqAccessEvaluator. Its primary purpose is for access control
during renewal. It checks to see the the authenticated user and the
original request ownership match.
Hope this helps.
thanks,
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
Attachments:
- attachment.html (text/html — 2.6 KB)