xyz/openbmc_project/User/PrivilegeMapper.interface.yaml

description: >
    Implement this interface to set the privilege of the user based on the
    group name. The users in the group will inherit the privilege mapping of
    the group. The Create method on success creates the object which implements
    xyz.openbmc_project.User.PrivilegeMapperEntry. For example in the case of
    LDAP, the object path will be /xyz/openbmc_project/user/ldap/<GroupName>.
    If the privilege mapping already exists then it throws the exception
    xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists. To modify the
    privilege for a mapping which already exists, the Privilege property in the
    xyz.openbmc_project.User.PrivilegeMapperEntry interface needs to be set.

methods:
    - name: Create
      description: >
          Creates a mapping for the group to the privilege.
      parameters:
        - name: GroupName
          type: string
          description: >
              Group Name to which the privilege is to be assigned. In the case
              of LDAP, the GroupName will be the LDAP group the user is part
              of.
        - name: Privilege
          type: string
          description: >
              The privilege associated with the group. The set of available
              privileges are xyz.openbmc_project.User.Manager.AllPrivileges.
              xyz.openbmc_project.Common.Error.InvalidArgument exception will
              be thrown if the privilege is invalid. Additional documentation
              on privilege is available here.
              https://github.com/openbmc/docs/blob/master/user_management.md
      returns:
        - name: Path
          type: string
          description: >
            The path for the created privilege mapping object.

      errors:
          - xyz.openbmc_project.Common.Error.InternalFailure
          - xyz.openbmc_project.Common.Error.InvalidArgument
          - xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists