The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.
This issue was migrated from Pagure Issue #400. Originally filed by edewata (@edewata) on 2012-11-05 20:57:01:
Assigned to nobody
Currently the ACL for a particular resource can only be defined once. An additional definition, even though it's for different rights, will override the earlier definition without any error/warning.
One possible solution is to merge the ACL. For example:
resourceACLS: certServer.kra.keys:list:allow (list) group="Data Recovery Manager Agents":Only data recovery manager agents list keys
resourceACLS: certServer.kra.keys:execute:allow (execute) group="Data Recovery Manager Agents":Agents may execute key operations
A merged ACL may look like the following:
resourceACLS: certServer.kra.keys:list,execute:allow (list) group="Data Recovery Manager Agents";allow (execute) group="Data Recovery Manager Agents":Only data recovery manager agents list keys. Agents may execute key operations.
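The merge proposed above, as an added example that is not Dogtag's code or part of the original issue: it parses `resourceACLS` values, models the reported last-definition-wins behaviour, and merges duplicate definitions per resource while reporting which resources were redefined. The function names and the assumption that only the description field may contain `:` are assumptions of this example.

```python
PREFIX = "resourceACLS:"

# The two definitions quoted in the issue.
SAMPLE = [
    'resourceACLS: certServer.kra.keys:list:allow (list) group="Data Recovery Manager Agents":Only data recovery manager agents list keys',
    'resourceACLS: certServer.kra.keys:execute:allow (execute) group="Data Recovery Manager Agents":Agents may execute key operations',
]

def parse_acl(line):
    """Split one value into resource, rights, ACI rules and description."""
    value = line.strip()
    if value.startswith(PREFIX):
        value = value[len(PREFIX):].strip()
    # Assumption: only the trailing description may contain ':'.
    parts = value.split(":", 3)
    if len(parts) != 4:
        raise ValueError("malformed ACL: %r" % line)
    resource, rights, acis, desc = (p.strip() for p in parts)
    return {"resource": resource,
            "rights": [r.strip() for r in rights.split(",") if r.strip()],
            "acis": [a.strip() for a in acis.split(";") if a.strip()],
            "desc": desc}

def load_last_wins(lines):
    """Reported behaviour: a later definition silently replaces an earlier one."""
    return {acl["resource"]: acl for acl in map(parse_acl, lines)}

def merge_acls(lines):
    """Proposed behaviour: merge per resource and report redefined resources."""
    table, redefined = {}, []
    for acl in map(parse_acl, lines):
        cur = table.setdefault(acl["resource"], acl)
        if cur is acl:
            continue  # first definition of this resource
        if acl["resource"] not in redefined:
            redefined.append(acl["resource"])
        for key in ("rights", "acis"):  # keep order, skip exact repeats
            cur[key] += [v for v in acl[key] if v not in cur[key]]
        cur["desc"] = "%s. %s." % (cur["desc"].rstrip("."), acl["desc"].rstrip("."))
    return table, redefined

def format_acl(acl):
    return "%s %s:%s:%s:%s" % (PREFIX, acl["resource"], ",".join(acl["rights"]),
                               ";".join(acl["acis"]), acl["desc"])

if __name__ == "__main__":
    merged, redefined = merge_acls(SAMPLE)
    print("redefined:", redefined)
    for acl in merged.values():
        print(format_acl(acl))
```

Running `load_last_wins` on the same input leaves only the `execute` rule for `certServer.kra.keys`, which is the silent loss the issue reports; the `redefined` list is what a configuration check would surface as a warning.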