acledit - Manage RRFW access control lists (ACLs).
This command manages the RRFW access control lists. Each user is
identified by user ID, and has a set of attributes. Currently
supported attributes are
cn (common name) and
(MD5 digest of the user's password).
Each user belongs to one or several groups. Each group has its own
set of privileges. A privilege is identified by privilege name and
object name. Currently only one privilege name is supported:
DisplayTree, and the object name is the name of the tree that
this group is allowed to browse.
User authorization in the web interface is controlled by the
$RRFW::ApacheHandler::authorizeUsers variable in rrfw-siteconfig.pl.
DisplayTreefor displaying a datasource tree, and
DisplayAdmInfofor displaying the administrative information (all significant parameters for a given datasource leaf).
DisplayAdmInfoprivilegs are granted or revoked. The asterisk (*) instead of the object name assigns the privilege for all objects.
acledit --addgroup=staff --permit=DisplayTree \ --for=main --for=thecustomer acledit --adduser=jsmith --password=mysecretpassword \ --cn="John Smith" --addtogroup=staff acledit --addgroup=admin --permit=DisplayTree --for='*'
This example creates a group staff and gives all its members the permission to browse the datasource trees main and thecustomer. The next command creates a user jsmith and addts it to this group. The user name will be displayed as John Smith, and it will be let in with the given password. The third command creates a group admin which is allowed o browse all existing trees.
See more documentation at RRFW home page: http://rrfw.sf.net
Stanislav Sinyagin <email@example.com>