author Russ Allbery <rra@stanford.edu> 2013-03-27 12:51:46 -0700
committer Russ Allbery <rra@stanford.edu> 2013-03-27 12:52:58 -0700
commit f6c63bdb2be5ccc0c6133bf87025d37805579005
tree c027fed89455b36e386722a63cce9c77d90ebffa /client
parent b273cc907951a8b7dfcd4095ab58b6ae74c7d87e
Allow owners of objects to destroy them by default
Owners of wallet objects are now allowed to destroy them. In previous versions, a special destroy ACL had to be set and the owner ACL wasn't used for destroy actions, but operational experience at Stanford has shown that letting owners destroy their own objects is a better model.

Change-Id: I0e97d7a000e62cf5321add7b44140db6edc6769f
Reviewed-on: https://gerrit.stanford.edu/973
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
Diffstat (limited to 'client')
-rw-r--r-- client/wallet.pod | 6
1 files changed, 3 insertions, 3 deletions
diff --git a/client/wallet.pod b/client/wallet.pod
index 32d81ad..214a157 100644
--- a/client/wallet.pod
+++ b/client/wallet.pod
@@ -159,9 +159,9 @@ C<getattr> and C<history>, which use the C<show> ACL, C<setattr>, which
uses the C<store> ACL, and C<comment>, which uses the owner or C<show> ACL
depending on whether one is setting or retrieving the comment. If the
appropriate ACL is set, it alone is checked to see if the user has access.
-Otherwise, C<get>, C<store>, C<show>, C<getattr>, C<setattr>, C<history>,
-and C<comment> access is permitted if the user is authorized by the owner
-ACL of the object.
+Otherwise, C<destroy>, C<get>, C<store>, C<show>, C<getattr>, C<setattr>,
+C<history>, and C<comment> access is permitted if the user is authorized
+by the owner ACL of the object.
Administrators can run any command on any object or ACL except for C<get>
and C<store>. For C<get> and C<store>, they must still be authorized by
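Review bot: The added C<destroy> in the "Otherwise, ..." sentence changes who can delete an object by default, but the text gives a reader upgrading from an earlier version no hint that the rule changed. The commit message says a destroy ACL used to be required and the owner ACL was not consulted; the documentation should carry that too, for example one sentence after "by the owner ACL of the object." stating that owners could not destroy objects in previous versions. It would also help to spell out the consequence of the unchanged line "If the appropriate ACL is set, it alone is checked": a site that wants to keep owners from destroying an object has to set an explicit destroy ACL on it, and once set, the owner ACL no longer grants destroy. Operators who relied on the old default to protect objects from their owners need that stated where they will look for it.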