Début de formalisation des règles d'accès
parent
45c4cc66d4
commit
8b5e367823
|
@ -0,0 +1,35 @@
|
|||
# Accès super-utilisateur
|
||||
to *
|
||||
by dn.regex="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
|
||||
by group.exact="cn=admin,ou=groups,$SUFFIX" manage
|
||||
by * break
|
||||
|
||||
# Branche people
|
||||
to dn.regex="uid=[^,]+,ou=people,$SUFFIX" attrs=supannAliasLogin,supannListeRouge,eduPersoNickname,supannMailPerso,userPassword,labeledURI
|
||||
by self write break
|
||||
by * break
|
||||
|
||||
# Les accès aux autres attributs utilisateurs
|
||||
to dn.one="ou=people,$SUFFIX"
|
||||
by users read
|
||||
by anonymous auth
|
||||
by * none
|
||||
|
||||
# Branche groups
|
||||
to dn.one="ou=groups,$SUFFIX"
|
||||
by set="this/owner & user" manage
|
||||
by * break
|
||||
|
||||
to dn.one="ou=groups,$SUFFIX" attrs=cn,description,owner,supannRefId
|
||||
by users read
|
||||
by * break
|
||||
|
||||
to dn.one="ou=groups,$SUFFIX" attrs=member
|
||||
by set="this/supannGroupeAdminDN/member* & user" write
|
||||
by set="this/supannGroupeAdminDN & user" write
|
||||
by set="this/supannGroupeLecteurDN/member* & user" read
|
||||
by set="this/supannGroupeLecteurDN & user" read
|
||||
|
||||
# Les accès à la branche des structures
|
||||
to dn.one="ou=structures,$SUFFIX"
|
||||
by * read
|
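Review bot: `userPassword` ends up readable by every authenticated user: in the "Branche people" clause anyone other than `self` hits `by * break`, evaluation falls through to `to dn.one="ou=people,$SUFFIX"`, and `by users read` matches there before `by anonymous auth` is ever considered. The same fall-through exposes `supannListeRouge` and `supannMailPerso`. It probably also replaces the `write` just granted to `self` with `read`, because a plain level in a later clause resets the privilege set instead of adding to it; this is worth confirming with `slapacl`. A dedicated `userPassword` clause placed right after the super-user rule and ending in `by * none` would close the gap, as sketched below. Separately, `eduPersoNickname` looks like a typo for `eduPersonNickname`.

```conf
# … unchanged: "Accès super-utilisateur" clause …
to dn.one="ou=people,$SUFFIX" attrs=userPassword
    by self =xw
    by anonymous auth
    by * none
# … unchanged: "Branche people" clause, with userPassword dropped from attrs= …
```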