directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From smckin...@apache.org
Subject [directory-fortress-enmasse] branch master updated: more cleanup
Date Sat, 16 Mar 2019 23:25:32 GMT
This is an automated email from the ASF dual-hosted git repository.

smckinney pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-fortress-enmasse.git


The following commit(s) were added to refs/heads/master by this push:
     new 9fe3026  more cleanup
9fe3026 is described below

commit 9fe3026f7e1d7086fe6f22f03a8ac1dfcb53ed0e
Author: Shawn McKinney <smckinney@apache.org>
AuthorDate: Sat Mar 16 18:25:27 2019 -0500

    more cleanup
---
 README-SECURITY-MODEL.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README-SECURITY-MODEL.md b/README-SECURITY-MODEL.md
index b01809d..8935f00 100644
--- a/README-SECURITY-MODEL.md
+++ b/README-SECURITY-MODEL.md
@@ -119,9 +119,9 @@ The ARBAC checks include the following:
                                          
 3. Some APIs on the *AdminMgr* do organization checks, matching the org on the admin role
with that on the target.  There are two types of organziations, User and Permission.
 
- For example, de/assignUser(User, Role) will verify that the caller has an ADMIN role with
a matching user org unit, *userOU*, on the target user.
+ For example, de/assignUser(User, Role) will verify that the caller has an ADMIN role with
a matching user org unit that matches the ou of the target user.
   
- There is similar check on grant/revokePermission(Role, Permission), where the caller must
have activated ADMIN role matching the perm org unit, *permOU*, corresponding with the permission
being targeted.
+ There is similar check on grant/revokePermission(Role, Permission), where the caller must
have activated ADMIN role matching the perm org unit that matches the ou on the target permission.
 
  The complete list of APIs that enforce range and OU checks follow:
 


Mime
View raw message