Add interface to assign privilege to groups

This interface will be implemented to assign privilege roles to
groups. The privilege roles will be assigned to groups
and the user accounts which are part of the group will inherit
the privilege role.

Change-Id: I2326de5f7f3e6e92c2a0d7648a5677b33a0b1db0
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
diff --git a/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml b/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml
new file mode 100644
index 0000000..5b4f511
--- /dev/null
+++ b/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml
@@ -0,0 +1,41 @@
+description: >
+    Implement this interface to set the privilege of the user based on the
+    group name. The users in the group will inherit the privilege mapping of
+    the group. The Create method on success creates the object which implements
+    xyz.openbmc_project.User.PrivilegeMapperEntry. For example in the case of
+    LDAP, the object path will be /xyz/openbmc_project/user/ldap/<GroupName>.
+    If the privilege mapping already exists then it throws the exception
+    xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists. To modify the
+    privilege for a mapping which already exists, the Privilege property in the
+    xyz.openbmc_project.User.PrivilegeMapperEntry interface needs to be set.
+
+methods:
+    - name: Create
+      description: >
+          Creates a mapping for the group to the privilege.
+      parameters:
+        - name: GroupName
+          type: string
+          description: >
+              Group Name to which the privilege is to be assigned. In the case
+              of LDAP, the GroupName will be the LDAP group the user is part
+              of.
+        - name: Privilege
+          type: string
+          description: >
+              The privilege associated with the group. The set of available
+              privileges are xyz.openbmc_project.User.Manager.AllPrivileges.
+              xyz.openbmc_project.Common.Error.InvalidArgument exception will
+              be thrown if the privilege is invalid. Additional documentation
+              on privilege is available here.
+              https://github.com/openbmc/docs/blob/master/user_management.md
+      returns:
+        - name: Path
+          type: string
+          description: >
+            The path for the created privilege mapping object.
+
+      errors:
+          - xyz.openbmc_project.Common.Error.InternalFailure
+          - xyz.openbmc_project.Common.Error.InvalidArgument
+          - xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists
\ No newline at end of file
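Review bot: The GroupName parameter of Create has no documented validation, yet the top-level description says it becomes the last element of the object path (/xyz/openbmc_project/user/ldap/<GroupName>). D-Bus path elements allow only [A-Za-z0-9_], and LDAP group names can contain spaces, hyphens and other characters, so the description should state whether such names are escaped or rejected, and whether an empty or malformed GroupName raises InvalidArgument (the Privilege description currently ties InvalidArgument to an invalid privilege only). Since this mapping grants privilege roles to every account in the group, the accepted name format should be explicit rather than left to each implementation. Smaller points: Path is returned as type string rather than a D-Bus object path type, the returns description is indented differently from the parameter descriptions, and the file lacks a trailing newline.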