# Blame: bf21cfa Tom Joseph 2018-08-20 19:13:39 +0530
#        a584893 Tom Joseph 2018-09-30 16:00:54 +0530
#        3f86d12 Gunnar Mills 2019-10-17 12:16:58 -0500
description: >
    Implement this interface to set the privilege of the user based on the
    group name. The users in the group will inherit the privilege mapping of
    the group. The Create method on success creates the object which implements
    xyz.openbmc_project.User.PrivilegeMapperEntry. For example in the case of
    LDAP, the object path will be
    /xyz/openbmc_project/user/ldap/privilege_mapper/<id>. The <id> will be
    a unique number generated by the application. If the privilege mapping
    already exists then it throws the exception
    xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists. To modify the
    privilege for a mapping which already exists, the Privilege property in the
    xyz.openbmc_project.User.PrivilegeMapperEntry interface needs to be set.
    Any application consuming the privilege mapping should not cache the object
    path and use the GetManagedObjects method on the
    org.freedesktop.DBus.ObjectManager interface to figure out the D-Bus object
    path associated with the group name.

methods:
    - name: Create
      description: >
          Creates a mapping for the group to the privilege.
      parameters:
          - name: GroupName
            type: string
            description: >
                Group Name to which the privilege is to be assigned. In the case
                of LDAP, the GroupName will be the LDAP group the user is part of.
          - name: Privilege
            type: string
            description: >
                The privilege associated with the group. The set of available
                privileges are xyz.openbmc_project.User.Manager.AllPrivileges.
                xyz.openbmc_project.Common.Error.InvalidArgument exception will
                be thrown if the privilege is invalid. Additional documentation
                on privilege is available here.
                https://github.com/openbmc/docs/blob/master/architecture/user_management.md
      returns:
          - name: Path
            type: path
            description: >
                The path for the created privilege mapping object.

      errors:
          - xyz.openbmc_project.Common.Error.InternalFailure
          - xyz.openbmc_project.Common.Error.InvalidArgument
          - xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists
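The lookup-then-act flow the description asks of consumers, as an added Python example that is not part of the interface file or the OpenBMC code base: it resolves the group name from a GetManagedObjects-shaped reply on every call instead of caching a path, then picks Create or a Privilege property write. The `GroupName` property name, the privilege strings, the group names and the ids are assumptions made for the example.

```python
# Added example: names marked "assumed" or "constructed" are not from the page.
ENTRY_IFACE = "xyz.openbmc_project.User.PrivilegeMapperEntry"
ENTRY_ROOT = "/xyz/openbmc_project/user/ldap/privilege_mapper"
# Assumed sample of the Manager's AllPrivileges property (constructed values).
ALL_PRIVILEGES = ("priv-admin", "priv-operator", "priv-user")


def find_mapping(managed_objects, group_name):
    """Return (path, privilege) for group_name from a GetManagedObjects reply
    shaped as {path: {interface: {property: value}}}, or None if unmapped."""
    for path, interfaces in sorted(managed_objects.items()):
        entry = interfaces.get(ENTRY_IFACE)
        # "GroupName" as an entry property is an assumption of this example.
        if entry is not None and entry.get("GroupName") == group_name:
            return path, entry.get("Privilege")
    return None


def plan_change(managed_objects, group_name, privilege):
    """Pick the D-Bus action that sets group_name to privilege: Create for a
    new group, otherwise a write to the Privilege property of the existing
    entry (Create would raise PrivilegeMappingExists)."""
    if privilege not in ALL_PRIVILEGES:
        # The service would answer Create with InvalidArgument; fail early.
        raise ValueError(f"invalid privilege: {privilege!r}")
    found = find_mapping(managed_objects, group_name)
    if found is None:
        return ("Create", None, group_name, privilege)
    path, current = found
    action = "NoChange" if current == privilege else "SetPrivilege"
    return (action, path, group_name, privilege)


# Constructed replies: between the two, the mapping for "bmc-admins" was
# deleted and recreated, so its object path changed from .../1 to .../3.
BEFORE = {
    f"{ENTRY_ROOT}/1": {ENTRY_IFACE: {"GroupName": "bmc-admins", "Privilege": "priv-admin"}},
    f"{ENTRY_ROOT}/2": {ENTRY_IFACE: {"GroupName": "bmc-ops", "Privilege": "priv-operator"}},
}
AFTER = {
    f"{ENTRY_ROOT}/2": {ENTRY_IFACE: {"GroupName": "bmc-ops", "Privilege": "priv-operator"}},
    f"{ENTRY_ROOT}/3": {ENTRY_IFACE: {"GroupName": "bmc-admins", "Privilege": "priv-user"}},
}

if __name__ == "__main__":
    cached_path, _ = find_mapping(BEFORE, "bmc-admins")
    print("cached path still present:", cached_path in AFTER)
    print(plan_change(AFTER, "bmc-admins", "priv-admin"))
    print(plan_change(AFTER, "bmc-auditors", "priv-user"))
```

A consumer that had kept the path from the first reply would address an object that no longer exists, while the fresh lookup finds the group's current entry and its current privilege.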