description: >
    Implement this interface to set the privilege of the user based on the group
    name. The users in the group will inherit the privilege mapping of the
    group. The Create method on success creates the object which implements
    xyz.openbmc_project.User.PrivilegeMapperEntry. For example in the case of
    LDAP, the object path will be
    /xyz/openbmc_project/user/ldap/privilege_mapper/<id>. The <id> will be a
    unique number generated by the application. If the privilege mapping already
    exists then it throws the exception
    xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists. To modify the
    privilege for a mapping which already exists, the Privilege property in the
    xyz.openbmc_project.User.PrivilegeMapperEntry interface needs to be set. Any
    application consuming the privilege mapping should not cache the object path
    and should instead use the GetManagedObjects method on the
    org.freedesktop.DBus.ObjectManager interface to figure out the D-Bus object
    path associated with the group name.
methods:
    - name: Create
      description: >
          Creates a mapping for the group to the privilege.
      parameters:
          - name: GroupName
            type: string
            description: >
                Group Name to which the privilege is to be assigned. In the case
                of LDAP, the GroupName will be the LDAP group the user is part
                of.
          - name: Privilege
            type: string
            description: >
                The privilege associated with the group. The set of available
                privileges is xyz.openbmc_project.User.Manager.AllPrivileges.
                xyz.openbmc_project.Common.Error.InvalidArgument exception will
                be thrown if the privilege is invalid. Additional documentation
                on privilege is available here.
                https://github.com/openbmc/docs/blob/master/architecture/user-management.md
      returns:
          - name: Path
            type: object_path
            description: >
                The path for the created privilege mapping object.
      errors:
          - xyz.openbmc_project.Common.Error.InternalFailure
          - xyz.openbmc_project.Common.Error.InvalidArgument
          - xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists
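
The description above tells consumers to look up the object path by group name through GetManagedObjects rather than caching it. The following is an added example, not code from this repository, that does that lookup over a plain dict shaped like a GetManagedObjects reply. Assumptions: the entry object exposes a GroupName property alongside Privilege, and the group names, privilege names and `<id>` values are constructed; returning nothing for a missing, duplicated or unknown-privilege mapping is this example's choice.

```python
ENTRY_IFACE = "xyz.openbmc_project.User.PrivilegeMapperEntry"


def resolve_group(managed_objects, group_name, allowed_privileges):
    """Return (object_path, privilege) for group_name, or None.

    managed_objects has the shape of a GetManagedObjects reply:
    {object_path: {interface_name: {property_name: value}}}.
    """
    matches = []
    for path, interfaces in managed_objects.items():
        props = interfaces.get(ENTRY_IFACE)
        if props is None:
            continue  # object does not implement the mapper entry interface
        if props.get("GroupName") == group_name:  # property name assumed
            matches.append((path, props.get("Privilege")))
    if len(matches) != 1:
        return None  # no mapping, or an ambiguous one: grant nothing
    path, privilege = matches[0]
    if privilege not in allowed_privileges:
        return None  # value is not listed in Manager.AllPrivileges
    return path, privilege


# Constructed sample data: privilege names, group names and <id> values are
# illustrative and stand in for real D-Bus replies.
ALL_PRIVILEGES = ["priv-admin", "priv-operator", "priv-user"]
BASE = "/xyz/openbmc_project/user/ldap/privilege_mapper/"

SNAPSHOT_BEFORE = {
    BASE + "1": {ENTRY_IFACE: {"GroupName": "bmc-admins", "Privilege": "priv-admin"}},
    BASE + "2": {ENTRY_IFACE: {"GroupName": "bmc-readers", "Privilege": "priv-user"}},
}
# A later reply: the bmc-admins mapping was deleted and created again with a
# lower privilege, so it now lives under a new <id> and the old path is gone.
SNAPSHOT_AFTER = {
    BASE + "2": {ENTRY_IFACE: {"GroupName": "bmc-readers", "Privilege": "priv-user"}},
    BASE + "3": {ENTRY_IFACE: {"GroupName": "bmc-admins", "Privilege": "priv-operator"}},
}

if __name__ == "__main__":
    cached_path, _ = resolve_group(SNAPSHOT_BEFORE, "bmc-admins", ALL_PRIVILEGES)
    print("cached path still present:", cached_path in SNAPSHOT_AFTER)
    print("fresh lookup:", resolve_group(SNAPSHOT_AFTER, "bmc-admins", ALL_PRIVILEGES))
    print("unmapped group:", resolve_group(SNAPSHOT_AFTER, "contractors", ALL_PRIVILEGES))
```

A consumer that had kept the path from the first reply would be holding a path that no longer exists, while the lookup by group name picks up the new object and its changed privilege.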