Ńň Ă#xPc@sşddkTddklZlZlZlZddklZddklZedƒZ de fd„ƒYZ ei e ƒde fd „ƒYZei eƒd efd „ƒYZei eƒd efd „ƒYZei eƒdefd„ƒYZei eƒdefd„ƒYZei eƒdefd„ƒYZei eƒdefd„ƒYZei eƒdefd„ƒYZei eƒdefd„ƒYZei eƒdS(i˙˙˙˙(t*(tapitStrt_tngettext(tCommand(t privileges\ Roles A role is used for fine-grained delegation. A permission grants the ability to perform given low-level tasks (add a user, modify a group, etc.). A privilege combines one or more permissions into a higher-level abstraction such as useradmin. A useradmin would be able to add, delete and modify users. Privileges are assigned to Roles. Users, groups, hosts and hostgroups may be members of a Role. Roles can not contain other roles. EXAMPLES: Add a new role: ipa role-add --desc="Junior-level admin" junioradmin Add some privileges to this role: ipa role-add-privilege --privileges=addusers junioradmin ipa role-add-privilege --privileges=change_password junioradmin ipa role-add-privilege --privileges=add_user_to_default_group junioradmin Add a group of users to this role: ipa group-add --desc="User admins" useradmins ipa role-add-member --groups=useradmins junioradmin Display information about a role: ipa role-show junioradmin The result of this is that any users in the group 'junioradmin' can add users, reset passwords or add a user to the default IPA user group. trolec BsőeZdZeiiZedƒZedƒZ ddgZ ddddd d gZ hd d d dgd6dgd6Z hdgd6Z eZedƒZedƒZeddddedƒdeƒeddddedƒdedƒƒfZRS(s Role object. Rtrolest groupofnamest nestedgrouptcnt descriptiontmembertmemberoftmemberindirecttmemberofindirecttusertgroupthostt hostgroupRtRolestRoletcli_nametnametlabels Role namet primary_keytdesct Descriptiontdocs A description of this role-group(t__name__t __module__t__doc__Rtenvtcontainer_rolegroupt container_dnRt object_nametobject_name_pluralt object_classtdefault_attributestattribute_memberstreverse_memberstTruetrdn_is_primary_keyRtlabel_singularRt takes_params(((s7/usr/lib/python2.6/site-packages/ipalib/plugins/role.pyR=s.              trole_addcBs eZedƒZedƒZRS(sAdd a new role.sAdded role "%(value)s"(RRRR t msg_summary(((s7/usr/lib/python2.6/site-packages/ipalib/plugins/role.pyR.ds trole_delcBs eZedƒZedƒZRS(sDelete a role.sDeleted role "%(value)s"(RRRR R/(((s7/usr/lib/python2.6/site-packages/ipalib/plugins/role.pyR0ls trole_modcBs eZedƒZedƒZRS(sModify a role.sModified role "%(value)s"(RRRR R/(((s7/usr/lib/python2.6/site-packages/ipalib/plugins/role.pyR1ts t role_findcBs&eZedƒZedddƒZRS(sSearch for roles.s%(count)d role matcheds%(count)d roles matchedi(RRRR RR/(((s7/usr/lib/python2.6/site-packages/ipalib/plugins/role.pyR2|s t role_showcBseZedƒZRS(s!Display information about a role.(RRRR (((s7/usr/lib/python2.6/site-packages/ipalib/plugins/role.pyR3†strole_add_membercBseZedƒZRS(sAdd members to a role.(RRRR (((s7/usr/lib/python2.6/site-packages/ipalib/plugins/role.pyR4Œstrole_remove_membercBseZedƒZRS(sRemove members from a role.(RRRR (((s7/usr/lib/python2.6/site-packages/ipalib/plugins/role.pyR5’strole_add_privilegec BszeZedƒZdZdZdZdZei dƒei dde ded ƒƒei d de ded ƒƒfZ RS( sAdd privileges to a role.R3tprivilege_add_memberRRtresulttfailedttypeRsMembers that could not be addedt completedsNumber of privileges added(RRRR t show_commandtmember_commandt reverse_attrt member_attrtoutputtEntrytOutputtdicttintt has_output(((s7/usr/lib/python2.6/site-packages/ipalib/plugins/role.pyR6˜s     trole_remove_privilegec BszeZedƒZdZdZdZdZei dƒei dde ded ƒƒei d de ded ƒƒfZ RS( sRemove privileges from a role.R3tprivilege_remove_memberRRR8R9R:RsMembers that could not be addedR;sNumber of privileges removed(RRRR R<R=R>R?R@RARBRCRDRE(((s7/usr/lib/python2.6/site-packages/ipalib/plugins/role.pyRFŻs     N(tipalib.plugins.baseldaptipalibRRRRRtipalib.pluginsRR t LDAPObjectRtregistert LDAPCreateR.t LDAPDeleteR0t LDAPUpdateR1t LDAPSearchR2t LDAPRetrieveR3t LDAPAddMemberR4tLDAPRemoveMemberR5tLDAPAddReverseMemberR6tLDAPRemoveReverseMemberRF(((s7/usr/lib/python2.6/site-packages/ipalib/plugins/role.pyts2 "! $