From commits-return-50858-apmail-directory-commits-archive=directory.apache.org@directory.apache.org Sat Mar 16 23:25:33 2019 Return-Path: X-Original-To: apmail-directory-commits-archive@www.apache.org Delivered-To: apmail-directory-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 34091195DB for ; Sat, 16 Mar 2019 23:25:33 +0000 (UTC) Received: (qmail 16486 invoked by uid 500); 16 Mar 2019 23:25:33 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 16438 invoked by uid 500); 16 Mar 2019 23:25:33 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 16429 invoked by uid 99); 16 Mar 2019 23:25:33 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 16 Mar 2019 23:25:33 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id 7B3B6853D3; Sat, 16 Mar 2019 23:25:32 +0000 (UTC) Date: Sat, 16 Mar 2019 23:25:32 +0000 To: "commits@directory.apache.org" Subject: [directory-fortress-enmasse] branch master updated: more cleanup MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Message-ID: <155277873246.7865.15850929912505894507@gitbox.apache.org> From: smckinney@apache.org X-Git-Host: gitbox.apache.org X-Git-Repo: directory-fortress-enmasse X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Oldrev: 58cc7e424da1373a21c259e78c7bfbc2ebacce2f X-Git-Newrev: 9fe3026f7e1d7086fe6f22f03a8ac1dfcb53ed0e X-Git-Rev: 9fe3026f7e1d7086fe6f22f03a8ac1dfcb53ed0e X-Git-NotificationType: ref_changed_plus_diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated This is an automated email from the ASF dual-hosted git repository. smckinney pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/directory-fortress-enmasse.git The following commit(s) were added to refs/heads/master by this push: new 9fe3026 more cleanup 9fe3026 is described below commit 9fe3026f7e1d7086fe6f22f03a8ac1dfcb53ed0e Author: Shawn McKinney AuthorDate: Sat Mar 16 18:25:27 2019 -0500 more cleanup --- README-SECURITY-MODEL.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README-SECURITY-MODEL.md b/README-SECURITY-MODEL.md index b01809d..8935f00 100644 --- a/README-SECURITY-MODEL.md +++ b/README-SECURITY-MODEL.md @@ -119,9 +119,9 @@ The ARBAC checks include the following: 3. Some APIs on the *AdminMgr* do organization checks, matching the org on the admin role with that on the target. There are two types of organziations, User and Permission. - For example, de/assignUser(User, Role) will verify that the caller has an ADMIN role with a matching user org unit, *userOU*, on the target user. + For example, de/assignUser(User, Role) will verify that the caller has an ADMIN role with a matching user org unit that matches the ou of the target user. - There is similar check on grant/revokePermission(Role, Permission), where the caller must have activated ADMIN role matching the perm org unit, *permOU*, corresponding with the permission being targeted. + There is similar check on grant/revokePermission(Role, Permission), where the caller must have activated ADMIN role matching the perm org unit that matches the ou on the target permission. The complete list of APIs that enforce range and OU checks follow: