josef reidinger schrieb:
I think that it is a futile attempt to overcome the initial problem of having too many permissions to deal with. How about removing them instead? That means not having the complete "API" of YaST accessible via DBus, but it is not a real API anyway. Instead, we should build the API to fit the permissions.
What about use two tool over permissions? So we provide via dbus atomic permission to change one enclosed atribute and then have in webyast client for changing permission which provide agregate permissions and can change set of atomic permissions like Change http server which ensure that all atomic permission needed for http server is provided (of course provide info what atomic permission it is). I think that for admins is more important what exactly can user change (single values) then high level abstraction permission which can change more then admin want. Josef
I think we can solve this completely by: - Use granulated permissions if it really needed only. - Using tree structure if a granulation is needed. It is the taks of WebYaST to make this structure useful for the admin. By the way please regard that the REST-webservice acces YaST via the YaST-DBUS interface. This REST-service is running under the user yastws. So permissions has also to be set for this user too. This will be managed in the SPEC file while installing the package. Greetings Stefan -- ******************************************************************************* Stefan Schubert SUSE LINUX GmbH - Maxfeldstrasse 5 - D-90409 Nuernberg, Germany e-mail: schubi@suse.de ------------------------------------------------------------------------------- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org