You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Ersin Er (JIRA)" <ji...@apache.org> on 2007/07/06 10:25:04 UTC
[jira] Resolved: (DIRSERVER-989) allAttributeValues protected item
is not handled correctly by the Authorization subsystem in Modify
operations
[ https://issues.apache.org/jira/browse/DIRSERVER-989?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ersin Er resolved DIRSERVER-989.
--------------------------------
Resolution: Fixed
> allAttributeValues protected item is not handled correctly by the Authorization subsystem in Modify operations
> --------------------------------------------------------------------------------------------------------------
>
> Key: DIRSERVER-989
> URL: https://issues.apache.org/jira/browse/DIRSERVER-989
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Affects Versions: 1.0.2, 1.5.0
> Reporter: Ersin Er
> Assignee: Ersin Er
> Fix For: 1.5.1, 1.0.3
>
>
> allAttributeValues protectedItem only applies to attribute values, not attribute types. So if grantAdd is permitted only for allAttributeValue, only a new value to an existing attribute can be added. To create a new attribute with an initial value, grantAdd permission is needed for both the attribute type and the value. This can be achieved with several combinations like {attributeType{X}, attributeValue{Y}}, {attributeType{X}, allAttributeValues}, {allAttributeTypes, attributeValues}, {allUserAttributeValuesAndTypes}. The same approach applies to modifications including deletes.
> The explanations here are based on the Security chapter of the X.500 spec and and the related chapter in the X.500 book by Chadwick.
> To comply with this approach, modify operations should be handled with more granularity in the AuthorizationService and some existing unit tests need to be updated.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.