We need to substitute numbers with other numbers in a string. To avoid the
case where a substitution string matches another substitution, a preliminary
substitution with random strings is done. Then the random strings are
replaced by the final strings.
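
The two-pass substitution described in the message above, as an added example that is not code from this project. The rule string, the mapping and all function names are constructed for illustration, and matching each number as a whole run of digits is an assumption.

```python
import re
import secrets
import string


def _whole_number(number):
    # Match the number only when it is not part of a longer run of digits.
    return r"(?<!\d)" + re.escape(number) + r"(?!\d)"


def naive_substitute(text, mapping):
    """Sequential replacement: output of one step is rewritten by later steps."""
    for old, new in mapping.items():
        text = re.sub(_whole_number(old), new, text)
    return text


def _fresh_token(text, taken, length=16):
    # Letters only: a token containing digits could itself be matched in phase 1.
    while True:
        token = "".join(secrets.choice(string.ascii_letters) for _ in range(length))
        if token not in text and token not in taken:
            return token


def two_phase_substitute(text, mapping):
    tokens = {}
    # Phase 1: every source number becomes a random placeholder.
    for old in mapping:
        token = _fresh_token(text, tokens.values())
        tokens[old] = token
        text = re.sub(_whole_number(old), token, text)
    # Phase 2: placeholders become the final strings.
    for old, token in tokens.items():
        text = text.replace(token, mapping[old])
    return text


# Constructed sample: a rule whose numbered terms are renumbered.
RULE = "1 & (2 | 10)"
RENUMBER = {"1": "2", "2": "10", "10": "1"}

if __name__ == "__main__":
    print(naive_substitute(RULE, RENUMBER))      # every term collapses to 1
    print(two_phase_substitute(RULE, RENUMBER))  # each term renumbered once
```
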
- A root ABAC admin role has been created
- Each policy has an ABAC admin role
- Add interface to give this role to administrators
- Add items on the modify policy view to add or remove ABAC permissions
- Manage deletion of ABAC permissions
- Files for the administration to add ABAC permissions created,
but not yet implemented
The following options to compare attributes are now supported:
- All: NO_MULTIVALUES
- Equality: EQUAL_ONE_VALUE, EQUAL_OP1_SUBSET_OP2, EQUAL_EXACT_MATCH
- Diff strict: DIFF_ONE_VALUE, DIFF_ALL_VALUES
- Diff or equal: DE_ONE_VALUE_ONE_VALUE, DE_ONE_VALUE_OP1_SUBSET_OP2,
  DE_ONE_VALUE_EXACT_MATCH, DE_ALL_VALUES_ONE_VALUE,
  DE_ALL_VALUES_OP1_SUBSET_OP2, DE_ALL_VALUES_EXACT_MATCH
The namespace declarations and the attribute mappings between namespaces
are defined in two JSON files that can be edited.
The script load-abac is used to add these definitions to the database.
Work consisting of defining a clean API, then moving administration
functions from view to core, is in progress.
- Functions to add roles, objects and actions.
- Function to modify roles
- Functions to test if a user is authorized to modify or set a permission
on a policy entity
Work consisting of defining a clean API, then moving administration
functions from view to core, is in progress.
- Use set_default_alias() instead of get_default_alias()
Work consisting of defining a clean API, then moving administration
functions from view to core, is in progress.
- Use functions to test, set and remove policy root administrators
- Use set_default_alias() to check that a user has a default alias
(removal of check_for_admin())