Give more control over snapshot permission
Give more control over snapshot permission
Descriptive title for this enhancement
Have the possibility to restrain the snapshot permission in another way than only reading / writing all in ACL.
Actual behavior
Actually the user need the right to read and write overall in the branch to make / restore a snapshot. It's ok when the user have full rights on the branch but it doesn't work in restrain rights. Example if a user may edit only some fields in a branch but want use snapshot.
Expected behavior
Have a better way to let a users make snapshot and restore them.
Step by step description of new behaviour
Give right to only make and restore snapshot without looking at the permission of the user.
Link issues together to show that they're related. Learn more.
Activity
- bmortier changed milestone to %FusionDirectory 1.3
changed milestone to %FusionDirectory 1.3
By Jonathan Swaelens on 2017-12-08T14:28:50 (imported from GitLab)
hello,
yes easy solution, but it means that snapshot will have to handle that internally as bypassing acl is generaly not a good idea. i'am a bit uneasy with stuff that don't go through our acl systems
Cheers
By bmortier on 2017-12-08T14:35:52 (imported from GitLab)
- bmortier added 10m of time spent at 2017-12-08
added 10m of time spent at 2017-12-08
By bmortier on 2017-12-08T14:36:01 (imported from GitLab)
- bmortier added 5m of time spent at 2018-01-04
added 5m of time spent at 2018-01-04
By bmortier on 2018-01-04T12:52:11 (imported from GitLab)
So, if we add snapshot in each category, these will get RWCMD rights.
- Read means the right to see and list snapshots
- Write does not seem to apply to snapshots
- Create would be the right to take (full) snapshots
- Move does not apply
- Delete would be the right to delete snapshots
But what ACL rights would be needed in order to be able to restore a snapshot? Should the right to restore snapshot of existing objects and of deleted objects be separated?
We can add ACL fields in the snapshot ACL class and those will have RW rights. So maybe a field «restore» which needs Write to allow restore? (or restore_new and restore_over if we need to split)
By Côme Chilliet on 2018-01-25T10:49:53 (imported from GitLab)
Edited by bmortier@MCMic yes the right to restore snapshot of existing objects and of deleted objects should be separated.
as @jswaelens stated the snapshot acl are like the rest of the acl, added to others acl to restrict to which objet the user can do read/create/delete.
By bmortier on 2018-01-25T09:17:53 (imported from GitLab)
Edited by bmortier- Please register or sign in to reply
- bmortier added 20m of time spent at 2018-01-25
added 20m of time spent at 2018-01-25
By bmortier on 2018-01-25T09:18:58 (imported from GitLab)
- bmortier created branch
5743-give-more-control-over-snapshot-permission
created branch
5743-give-more-control-over-snapshot-permission
By Côme Chilliet on 2018-01-25T13:30:21 (imported from GitLab)
- bmortier mentioned in merge request !112
mentioned in merge request !112
By Côme Chilliet on 2018-01-25T13:30:22 (imported from GitLab)
- bmortier mentioned in issue fd-plugins#5772 (closed)
mentioned in issue fd-plugins#5772 (closed)
By Côme Chilliet on 2018-01-25T13:36:14 (imported from GitLab)
- bmortier added To Be Tested label
added To Be Tested label
By Côme Chilliet on 2018-01-31T11:23:56 (imported from GitLab)
- bmortier removed technical discussion label
removed technical discussion label
By bmortier on 2018-02-05T08:34:38 (imported from GitLab)
- bmortier added ~593 label
added ~593 label
By Côme Chilliet on 2018-02-12T10:02:31 (imported from GitLab)
I just add the snapshot rights in an acl role when I manage users an acl but when I try to create a snapshot from an user, I cannot fill the "reason" of the snapshot.
My aclrole ldif is the following one
cn=users-management,ou=aclroles createTimestamp 2018-01-30 11:12:10 modifyTimestamp 2018-02-27 17:02:14 objectClass top objectClass gosaRole cn users-management description Users Management - Create roles and assign users to roles - Read and write users - Create roles group from user gosaAclTemplate 0:role/roleGeneric;cdrw gosaAclTemplate 1:dashboard/dashboard;r gosaAclTemplate 2:acl/aclAssignmentDialogWindow;cdrw,acl/aclAssignment;cdrw gosaAclTemplate 3:user/userRoles;cdrw#rolesMembership;rw,user/SnapshotHandler;cdr,user/user;rw,department/department;#description;rw
By Jonathan Swaelens on 2018-02-27T16:34:58 (imported from GitLab)
- bmortier added 10m of time spent at 2018-02-27
added 10m of time spent at 2018-02-27
By Jonathan Swaelens on 2018-02-27T16:34:58 (imported from GitLab)
- bmortier added 10m of time spent at 2018-03-06
added 10m of time spent at 2018-03-06
By Côme Chilliet on 2018-03-06T08:47:54 (imported from GitLab)
- bmortier added 1h 20m of time spent at 2018-03-06
added 1h 20m of time spent at 2018-03-06
By Jonathan Swaelens on 2018-03-06T10:06:26 (imported from GitLab)
- bmortier created branch
5743-give-more-control-over-snapshot-permission
created branch
5743-give-more-control-over-snapshot-permission
By Côme Chilliet on 2018-03-06T11:38:26 (imported from GitLab)
- bmortier mentioned in merge request !155
mentioned in merge request !155
By Côme Chilliet on 2018-03-06T11:38:29 (imported from GitLab)
- bmortier added 1h of time spent at 2018-03-06
added 1h of time spent at 2018-03-06
By Côme Chilliet on 2018-03-06T11:41:26 (imported from GitLab)
- bmortier added 10m of time spent at 2018-03-07
added 10m of time spent at 2018-03-07
By Jonathan Swaelens on 2018-03-07T10:00:55 (imported from GitLab)
- bmortier removed To Be Tested label
removed To Be Tested label
By Jonathan Swaelens on 2018-03-07T10:00:55 (imported from GitLab)
- bmortier created branch
5743-give-more-control-over-snapshot-permission
created branch
5743-give-more-control-over-snapshot-permission
By Côme Chilliet on 2018-03-07T10:10:29 (imported from GitLab)
- bmortier mentioned in merge request !156
mentioned in merge request !156
By Côme Chilliet on 2018-03-07T10:10:30 (imported from GitLab)
- bmortier added 1h of time spent at 2018-03-07
added 1h of time spent at 2018-03-07
By Côme Chilliet on 2018-03-07T13:04:24 (imported from GitLab)
- bmortier added To Be Tested label
added To Be Tested label
By Côme Chilliet on 2018-03-07T13:04:24 (imported from GitLab)
Hello, I just tested to restore a snapshot and it looks like nothing happenned.
- I click on restore icon
- I choice the snapshot
- I come back on the same page like nothing happend and when I quit the snapshot is not restored
By Jonathan Swaelens on 2018-03-07T16:19:57 (imported from GitLab)
- bmortier added 30m of time spent at 2018-03-07
added 30m of time spent at 2018-03-07
By Jonathan Swaelens on 2018-03-07T16:19:57 (imported from GitLab)
- bmortier removed To Be Tested label
removed To Be Tested label
By Jonathan Swaelens on 2018-03-07T16:20:07 (imported from GitLab)
- bmortier created branch
5743-give-more-control-over-snapshot-permission
created branch
5743-give-more-control-over-snapshot-permission
By Côme Chilliet on 2018-03-08T09:00:52 (imported from GitLab)
- bmortier mentioned in merge request !157
mentioned in merge request !157
By Côme Chilliet on 2018-03-08T09:00:54 (imported from GitLab)
- bmortier added 40m of time spent at 2018-03-08
added 40m of time spent at 2018-03-08
By Côme Chilliet on 2018-03-08T09:06:38 (imported from GitLab)
- bmortier added To Be Tested label
added To Be Tested label
By Côme Chilliet on 2018-03-08T09:46:47 (imported from GitLab)
Hello, it's working but I think I have find a possible issue.
- I make a snapshot as manager
- I an attribut that manager cannot modify (example privateMail)
- Manager do some modifications and restore the snapshot
- The object lost the privateMail
By Jonathan Swaelens on 2018-03-12T13:59:16 (imported from GitLab)
- bmortier added 1h of time spent at 2018-03-12
added 1h of time spent at 2018-03-12
By Jonathan Swaelens on 2018-03-12T13:59:17 (imported from GitLab)
- bmortier removed To Be Tested label
removed To Be Tested label
By Jonathan Swaelens on 2018-03-12T13:59:17 (imported from GitLab)
- bmortier added ~590 label
added ~590 label
By bmortier on 2018-03-26T08:23:19 (imported from GitLab)
- bmortier added technical discussion label
added technical discussion label
By bmortier on 2018-06-15T13:42:56 (imported from GitLab)
- bmortier added To Be Tested label
added To Be Tested label
By bmortier on 2018-06-15T13:43:02 (imported from GitLab)
- bmortier added user-manual label
added user-manual label
By Jonathan Swaelens on 2018-06-19T13:41:07 (imported from GitLab)