directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ersin Er (JIRA)" <j...@apache.org>
Subject [jira] Closed: (DIRSERVER-989) allAttributeValues protected item is not handled correctly by the Authorization subsystem in Modify operations
Date Fri, 06 Jul 2007 08:25:05 GMT

     [ https://issues.apache.org/jira/browse/DIRSERVER-989?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Ersin Er closed DIRSERVER-989.
------------------------------


> allAttributeValues protected item is not handled correctly by the Authorization subsystem
in Modify operations
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-989
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-989
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.0.2, 1.5.0
>            Reporter: Ersin Er
>            Assignee: Ersin Er
>             Fix For: 1.5.1, 1.0.3
>
>
> allAttributeValues protectedItem only applies to attribute values, not attribute types.
So if grantAdd is permitted only for allAttributeValue, only a new value to an existing attribute
can be added. To create a new attribute with an initial value, grantAdd permission is needed
for both the attribute type and the value. This can be achieved with several combinations
like {attributeType{X}, attributeValue{Y}}, {attributeType{X}, allAttributeValues}, {allAttributeTypes,
attributeValues}, {allUserAttributeValuesAndTypes}. The same approach applies to modifications
including deletes.
> The explanations here are based on the Security chapter of the X.500 spec and and the
related chapter in the X.500 book by Chadwick.
> To comply with this approach, modify operations should be handled with more granularity
in the AuthorizationService and some existing unit tests need to be updated.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message