Module kanidmd_lib::server::access
source · Expand description
Access Control Profiles
This is a pretty important and security sensitive part of the code - it’s responsible for making sure that who is allowed to do what is enforced, as well as who is not allowed to do what.
A detailed design can be found in access-profiles-and-security.
This component of the server really has a few parts
- the ability to parse access profile structures into real ACP structs
- the ability to apply sets of ACP’s to entries for coarse actions (IE search.
- the ability to turn an entry into a partial-entry for results send requirements (also search).