diff options
Diffstat (limited to 'xyz')
-rw-r--r-- | xyz/openbmc_project/User/PrivilegeMapper.interface.yaml | 15 | ||||
-rw-r--r-- | xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml | 9 |
2 files changed, 19 insertions, 5 deletions
diff --git a/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml b/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml index 5b4f511..aac9fc0 100644 --- a/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml +++ b/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml @@ -3,11 +3,17 @@ description: > group name. The users in the group will inherit the privilege mapping of the group. The Create method on success creates the object which implements xyz.openbmc_project.User.PrivilegeMapperEntry. For example in the case of - LDAP, the object path will be /xyz/openbmc_project/user/ldap/<GroupName>. - If the privilege mapping already exists then it throws the exception + LDAP, the object path will be + /xyz/openbmc_project/user/ldap/privilege_mapper/<id>. The <id> will be + a unique number generated by the application. If the privilege mapping + already exists then it throws the exception xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists. To modify the privilege for a mapping which already exists, the Privilege property in the xyz.openbmc_project.User.PrivilegeMapperEntry interface needs to be set. + Any application consuming the privilege mapping should not cache the object + path and use the GetManagedObjects method on the + org.freedesktop.DBus.ObjectManager interface to figure out the D-Bus object + path associated with the group name. methods: - name: Create @@ -18,8 +24,7 @@ methods: type: string description: > Group Name to which the privilege is to be assigned. In the case - of LDAP, the GroupName will be the LDAP group the user is part - of. + of LDAP, the GroupName will be the LDAP group the user is part of. - name: Privilege type: string description: > @@ -31,7 +36,7 @@ methods: https://github.com/openbmc/docs/blob/master/user_management.md returns: - name: Path - type: string + type: path description: > The path for the created privilege mapping object. diff --git a/xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml b/xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml index a90989d..cea3ca2 100644 --- a/xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml +++ b/xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml @@ -2,6 +2,15 @@ description: > Implement to provide privilege for the group. properties: + - name: GroupName + type: string + description: > + Group Name to which the privilege is to be assigned. In the case of + LDAP, the GroupName will be the LDAP group the user is part of. + errors: + - xyz.openbmc_project.Common.Error.InternalFailure + - xyz.openbmc_project.Common.Error.InvalidArgument + - xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists - name: Privilege type: string description: > |