Bug 245830 - Get Effective Rights Control slightly broken
Get Effective Rights Control slightly broken
Status: CLOSED DUPLICATE of bug 437525
Product: Red Hat Directory Server
Classification: Red Hat
Component: Security - Access Control (ACL) (Show other bugs)
8.0
All Linux
medium Severity low
: DS8.1
: ---
Assigned To: Rich Megginson
Chandrasekar Kannan
:
Depends On:
Blocks: 249650
  Show dependency treegraph
 
Reported: 2007-06-26 17:48 EDT by Bob Lord
Modified: 2015-01-04 18:27 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-12-02 13:23:25 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Pete Rowley 2007-06-26 17:48:16 EDT
Description of problem:
The get effective rights control returns access control status for attributes
existing in an entry. However this means that access control status cannot be
determined for attribute types that are allowed but not present on an entry, so
for example, a gui interface cannot predetermine if a user is allowed to add the
first value for an attribute and therefore should display the field for
modification. This would be a nice thing for freeIPA.

Version-Release number of selected component (if applicable):


How reproducible:

always

Steps to Reproduce:
1. use effective rights control
2.
3.
  
Actual results:

no mention of allowed but not existing attributes

Expected results:

The ability to get ionformation on these attribute types - possibly by way of a
flag for the control.

Additional info:
Comment 4 Rich Megginson 2008-12-02 12:27:02 EST
This has been fixed, correct?
Comment 5 Noriko Hosoi 2008-12-02 13:05:25 EST
(In reply to comment #4)
> This has been fixed, correct?

Yes, one of these cases on the wiki page should cover the RFE, I think.
2-2. requester: tuser0, subject user: tuser0: tuser0 shows tuser0's effective rights of the user given attribute list, which do not exist in the entries. tuser0 is allowed to see the effective rights of the entries that tuser0 can read/search. 

2-3. requester: tuser0, subject user: tuser0: tuser0 shows tuser0's effective rights of all the available attributes associated with the entry's objectclasses, which values may or may not exist. tuser0 is allowed to see the effective rights of the entries that tuser0 can read/search.

http://directory.fedoraproject.org/wiki/Get_Effective_Rights_for_non-present_attributes#2._Cases_newly_supported

This is the bug I used to work on GER enhancement.
 Bug 437525 -  GER: allow GER for non-existing entries

Can we mark this bug as Duplicate of 437525?
Comment 6 Rich Megginson 2008-12-02 13:23:25 EST

*** This bug has been marked as a duplicate of bug 437525 ***

Note You need to log in before you can comment on or make changes to this bug.