summaryrefslogtreecommitdiffstats
path: root/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml
blob: aac9fc06746920a80fb0ee788d08fce4f0e07d30 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

description: >
    Implement this interface to set the privilege of the user based on the
    group name. The users in the group will inherit the privilege mapping of
    the group. The Create method on success creates the object which implements
    xyz.openbmc_project.User.PrivilegeMapperEntry. For example in the case of
    LDAP, the object path will be
    /xyz/openbmc_project/user/ldap/privilege_mapper/<id>. The <id> will be
    a unique number generated by the application. If the privilege mapping
    already exists then it throws the exception
    xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists. To modify the
    privilege for a mapping which already exists, the Privilege property in the
    xyz.openbmc_project.User.PrivilegeMapperEntry interface needs to be set.
    Any application consuming the privilege mapping should not cache the object
    path and use the GetManagedObjects method on the
    org.freedesktop.DBus.ObjectManager interface to figure out the D-Bus object
    path associated with the group name.

methods:
    - name: Create
      description: >
          Creates a mapping for the group to the privilege.
      parameters:
        - name: GroupName
          type: string
          description: >
              Group Name to which the privilege is to be assigned. In the case
              of LDAP, the GroupName will be the LDAP group the user is part of.
        - name: Privilege
          type: string
          description: >
              The privilege associated with the group. The set of available
              privileges are xyz.openbmc_project.User.Manager.AllPrivileges.
              xyz.openbmc_project.Common.Error.InvalidArgument exception will
              be thrown if the privilege is invalid. Additional documentation
              on privilege is available here.
              https://github.com/openbmc/docs/blob/master/user_management.md
      returns:
        - name: Path
          type: path
          description: >
            The path for the created privilege mapping object.

      errors:
          - xyz.openbmc_project.Common.Error.InternalFailure
          - xyz.openbmc_project.Common.Error.InvalidArgument
          - xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists
OpenPOWER on IntegriCloud