(ITS#5555) authzTo ACL check for wrong principal

Full_Name: Andrew Findlay
Version: 2.4.10
OS: Linux: SuSE 10.2
Submission from: (NULL) (

When using "authz-policy to" I find that the entity that is trying to do an
operation on behalf of another entity needs read access to its own authzTo.
This seems wrong: authzTo is defining what the user may do: I do not really want
them to be able to see it. When doing a proxy authz I think ACLs for this
attribute should not be checked at all as the access is effectively being done
by the rootdn.