Diffstat (limited to 'xyz/openbmc_project/User/PrivilegeMapper.interface.yaml')
-rw-r--r-- | xyz/openbmc_project/User/PrivilegeMapper.interface.yaml | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml b/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml new file mode 100644 index 0000000..aac9fc0 --- /dev/null +++ b/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml 
@@ -0,0 +1,46 @@ +description: > + Implement this interface to set the privilege of the user based on the + group name. The users in the group will inherit the privilege mapping of + the group. The Create method on success creates the object which implements + xyz.openbmc_project.User.PrivilegeMapperEntry. For example in the case of + LDAP, the object path will be + /xyz/openbmc_project/user/ldap/privilege_mapper/<id>. The <id> will be + a unique number generated by the application. If the privilege mapping + already exists then it throws the exception + xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists. To modify the + privilege for a mapping which already exists, the Privilege property in the + xyz.openbmc_project.User.PrivilegeMapperEntry interface needs to be set. + Any application consuming the privilege mapping should not cache the object + path and use the GetManagedObjects method on the + org.freedesktop.DBus.ObjectManager interface to figure out the D-Bus object + path associated with the group name. + +methods: + - name: Create + description: > + Creates a mapping for the group to the privilege. + parameters: + - name: GroupName + type: string + description: > + Group Name to which the privilege is to be assigned. In the case + of LDAP, the GroupName will be the LDAP group the user is part of. + - name: Privilege + type: string + description: > + The privilege associated with the group. The set of available + privileges are xyz.openbmc_project.User.Manager.AllPrivileges. + xyz.openbmc_project.Common.Error.InvalidArgument exception will + be thrown if the privilege is invalid. Additional documentation + on privilege is available here. + https://github.com/openbmc/docs/blob/master/user_management.md + returns: + - name: Path + type: path + description: > + The path for the created privilege mapping object. 
+ + errors: + - xyz.openbmc_project.Common.Error.InternalFailure + - xyz.openbmc_project.Common.Error.InvalidArgument + - xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists
\ No newline at end of file |
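Review bot: the GroupName parameter of Create does not say what happens when the group name is empty or otherwise unusable; InvalidArgument is documented only under Privilege ("exception will be thrown if the privilege is invalid"). Because every user in the group inherits the mapped privilege, the GroupName description should state that an empty name is rejected with xyz.openbmc_project.Common.Error.InvalidArgument. It should also say whether the group-name comparison behind PrivilegeMappingExists is case-sensitive, so two mappings that differ only in case cannot end up with different privileges by accident. Separately, the file ends without a trailing newline ("\ No newline at end of file"); please add one.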