# Line history from the blame view:
#   Tom Joseph: bf21cfa (2018-08-20), a584893 (2018-09-30)
#   Gunnar Mills: 3f86d12 (2019-10-17)
#   Patrick Williams: 8da396c (2022-03-14), b78a070 (2022-10-24),
#   a134741 (2022-12-06)
description: >
    Implement this interface to set the privilege of the user based on the group
    name. The users in the group will inherit the privilege mapping of the
    group. The Create method on success creates the object which implements
    xyz.openbmc_project.User.PrivilegeMapperEntry. For example, in the case of
    LDAP, the object path will be
    /xyz/openbmc_project/user/ldap/privilege_mapper/<id>. The <id> will be a
    unique number generated by the application. If the privilege mapping already
    exists, then it throws the exception
    xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists. To modify the
    privilege for a mapping which already exists, the Privilege property in the
    xyz.openbmc_project.User.PrivilegeMapperEntry interface needs to be set. Any
    application consuming the privilege mapping should not cache the object path
    and should use the GetManagedObjects method on the
    org.freedesktop.DBus.ObjectManager interface to figure out the D-Bus object
    path associated with the group name.

methods:
    - name: Create
      description: >
          Creates a mapping for the group to the privilege.
      parameters:
          - name: GroupName
            type: string
            description: >
                Group Name to which the privilege is to be assigned. In the case
                of LDAP, the GroupName will be the LDAP group the user is part
                of.
          - name: Privilege
            type: string
            description: >
                The privilege associated with the group. The set of available
                privileges is xyz.openbmc_project.User.Manager.AllPrivileges.
                xyz.openbmc_project.Common.Error.InvalidArgument exception will
                be thrown if the privilege is invalid. Additional documentation
                on privilege is available here:
                https://github.com/openbmc/docs/blob/master/architecture/user-management.md
      returns:
          - name: Path
            type: object_path
            description: >
                The path for the created privilege mapping object.

      errors:
          - xyz.openbmc_project.Common.Error.InternalFailure
          - xyz.openbmc_project.Common.Error.InvalidArgument
          - xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists
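
The lookup the description asks consumers to do (resolve a group name from a fresh GetManagedObjects reply instead of a cached object path), as an added example that is not part of the OpenBMC sources. The reply is a constructed Python dict; the `GroupName` property name on the entry interface, the privilege names, and the group names and paths in `SAMPLE_REPLY` are assumptions for illustration.

```python
ENTRY_IFACE = "xyz.openbmc_project.User.PrivilegeMapperEntry"

# Assumed privilege names for illustration; a real consumer reads
# xyz.openbmc_project.User.Manager.AllPrivileges instead of hardcoding.
ALL_PRIVILEGES = {"priv-admin", "priv-operator", "priv-user"}

# Constructed GetManagedObjects reply: path -> interface -> properties.
# The GroupName property name on the entry interface is an assumption.
SAMPLE_REPLY = {
    "/xyz/openbmc_project/user/ldap/privilege_mapper/1": {
        ENTRY_IFACE: {"GroupName": "bmc-admins", "Privilege": "priv-admin"}},
    "/xyz/openbmc_project/user/ldap/privilege_mapper/2": {
        ENTRY_IFACE: {"GroupName": "bmc-ops", "Privilege": "priv-operator"}},
    "/xyz/openbmc_project/user/ldap/privilege_mapper/3": {
        ENTRY_IFACE: {"GroupName": "bmc-temp", "Privilege": "priv-root"}},
    "/org/example/unrelated": {
        "org.example.Unrelated": {"Enabled": True}},
}


class MappingError(Exception):
    """The reply cannot be turned into a trustworthy privilege decision."""


def resolve_group(managed_objects, group_name, allowed=ALL_PRIVILEGES):
    """Return (object_path, privilege) for group_name, or None if unmapped.

    Call with a fresh reply each time rather than a remembered path: <id> is
    generated by the application, so a path seen earlier may now belong to a
    different group or no longer exist.
    """
    matches = [
        (path, ifaces[ENTRY_IFACE].get("Privilege"))
        for path, ifaces in managed_objects.items()
        if ifaces.get(ENTRY_IFACE, {}).get("GroupName") == group_name
    ]
    if not matches:
        return None  # no mapping: the caller grants nothing
    if len(matches) > 1:
        raise MappingError(f"{len(matches)} entries for group {group_name!r}")
    path, privilege = matches[0]
    if privilege not in allowed:
        raise MappingError(f"unknown privilege {privilege!r} at {path}")
    return path, privilege
```

Treat `None` and `MappingError` alike as "no privilege granted"; the duplicate check matters because the interface promises PrivilegeMappingExists on a second Create, so two entries for one group indicate an inconsistent state.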