Appendix D. ACL Reference
Each ACI has to apply to specific users or groups. This is set using a couple of common flags, usually
user= or group=, though there are other options, like ipaddress= which defines client-based
access rather than entry-based access. If there is more than one entry, then the names are separated
by a double pipe (||). For example, group="group1" || "group2".
Each area of the resourceACLS attribute value is defined in Table D.1, "Sections of the ACL Attribute Value".
Value
class_name
all operations
allow|deny
(operations)
type=target
description
Table D.1. Sections of the ACL Attribute Value
D.2. Common ACLs
This section covers the default access control configuration that is common for all four subsystem
types. These access control rules manage access to basic and common configuration settings, such
as logging and adding users and groups.
IMPORTANT
These ACLs are common in that the same ACLs occur in each subsystem instance's
acl.ldif file. These are not shared ACLs in the sense that the configuration files
or settings are held in common by all subsystem instances. As with all other instance
configuration, these ACLs are maintained independently of other subsystem instances, in
the instance-specific acl.ldif file.
D.2.1. certServer.acl.configuration
Controls operations to the ACL configuration. The default configuration is:
allow (read) group="Administrators" || group="Certificate Manager Agents" ||
group="Registration Manager Agents" || group="Data Recovery Manager Agents" || group="Online
Certificate Status Manager Agents" || group="Auditors";allow (modify) group="Administrators"
Operations    Description
read          View ACL resources and list ACL resources, ACL listing evaluators, and ACL evaluator types.
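The following is an added example, not taken from the Certificate System documentation or code: a Python parser for the ACI expression format shown above, which lists the targets a given operation is open to when reviewing an instance's acl.ldif. The function names, the comma-separated operation list, quoted target names, and treating a deny as overriding an allow are assumptions of this example.

```python
import re

# Default value of certServer.acl.configuration, copied from the section above.
DEFAULT_ACI = (
    'allow (read) group="Administrators" || group="Certificate Manager Agents" || '
    'group="Registration Manager Agents" || group="Data Recovery Manager Agents" || '
    'group="Online Certificate Status Manager Agents" || group="Auditors";'
    'allow (modify) group="Administrators"'
)

RULE_RE = re.compile(r'^(allow|deny)\s*\(([^)]*)\)\s*(.+)$', re.S)
TERM_RE = re.compile(r'^(?:(\w+)\s*=\s*)?"([^"]*)"$')


def parse_aci(value):
    """Split an ACI expression into (action, operations, [(type, target), ...]) rules."""
    rules = []
    for chunk in filter(None, (c.strip() for c in value.split(";"))):
        m = RULE_RE.match(chunk)
        if not m:
            raise ValueError(f"unparseable rule: {chunk!r}")
        action, ops, subjects = m.groups()
        # Assumption: several operations in one rule are comma-separated.
        operations = [o.strip() for o in ops.split(",") if o.strip()]
        targets, last_type = [], None
        for term in subjects.split("||"):
            t = TERM_RE.match(term.strip())
            if not t or not (t.group(1) or last_type):
                raise ValueError(f"unparseable subject: {term!r}")
            # A bare "name" after || reuses the preceding type, as in
            # group="group1" || "group2".
            last_type = t.group(1) or last_type
            targets.append((last_type, t.group(2)))
        rules.append((action, operations, targets))
    return rules


def who_can(value, operation):
    """Return targets allowed to perform `operation`, minus explicitly denied ones."""
    allowed, denied = set(), set()
    for action, operations, targets in parse_aci(value):
        if operation in operations:
            (allowed if action == "allow" else denied).update(targets)
    return sorted(allowed - denied)


if __name__ == "__main__":
    for op in ("read", "modify"):
        print(op, who_can(DEFAULT_ACI, op))
```

Run against each instance's own ACI values, the output makes it easy to spot a group that has gained modify rights beyond the default shown here.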