Give more control over snapshot permission
Give more control over snapshot permission
Descriptive title for this enhancement
Have the possibility to restrain the snapshot permission in another way than only reading / writing all in ACL.
Actual behavior
Actually the user need the right to read and write overall in the branch to make / restore a snapshot. It's ok when the user have full rights on the branch but it doesn't work in restrain rights. Example if a user may edit only some fields in a branch but want use snapshot.
Expected behavior
Have a better way to let a users make snapshot and restore them.
Step by step description of new behaviour
Give right to only make and restore snapshot without looking at the permission of the user.
Activity
changed milestone to %FusionDirectory 1.3
By Jonathan Swaelens on 2017-12-08T14:28:50 (imported from GitLab)
assigned to @MCMic and unassigned @bmortier
By Côme Chilliet on 2018-01-16T15:55:25 (imported from GitLab)
So, if we add snapshot in each category, these will get RWCMD rights.
- Read means the right to see and list snapshots
- Write does not seem to apply to snapshots
- Create would be the right to take (full) snapshots
- Move does not apply
- Delete would be the right to delete snapshots
But what ACL rights would be needed in order to be able to restore a snapshot? Should the right to restore snapshot of existing objects and of deleted objects be separated?
We can add ACL fields in the snapshot ACL class and those will have RW rights. So maybe a field «restore» which needs Write to allow restore? (or restore_new and restore_over if we need to split)
By Côme Chilliet on 2018-01-25T10:49:53 (imported from GitLab)
Edited by bmortier@MCMic yes the right to restore snapshot of existing objects and of deleted objects should be separated.
as @jswaelens stated the snapshot acl are like the rest of the acl, added to others acl to restrict to which objet the user can do read/create/delete.
By bmortier on 2018-01-25T09:17:53 (imported from GitLab)
Edited by bmortier
created branch
5743-give-more-control-over-snapshot-permissionBy Côme Chilliet on 2018-01-25T13:30:21 (imported from GitLab)
mentioned in commit ff3918ab
By Côme Chilliet on 2018-01-25T13:32:53 (imported from GitLab)
mentioned in issue fd-plugins#5772 (closed)
By Côme Chilliet on 2018-01-25T13:36:14 (imported from GitLab)
added To Be Tested label
By Côme Chilliet on 2018-01-31T11:23:56 (imported from GitLab)
removed technical discussion label
By bmortier on 2018-02-05T08:34:38 (imported from GitLab)
I just add the snapshot rights in an acl role when I manage users an acl but when I try to create a snapshot from an user, I cannot fill the "reason" of the snapshot.
My aclrole ldif is the following one
cn=users-management,ou=aclroles createTimestamp 2018-01-30 11:12:10 modifyTimestamp 2018-02-27 17:02:14 objectClass top objectClass gosaRole cn users-management description Users Management - Create roles and assign users to roles - Read and write users - Create roles group from user gosaAclTemplate 0:role/roleGeneric;cdrw gosaAclTemplate 1:dashboard/dashboard;r gosaAclTemplate 2:acl/aclAssignmentDialogWindow;cdrw,acl/aclAssignment;cdrw gosaAclTemplate 3:user/userRoles;cdrw#rolesMembership;rw,user/SnapshotHandler;cdr,user/user;rw,department/department;#description;rwBy Jonathan Swaelens on 2018-02-27T16:34:58 (imported from GitLab)
