On Thu, Nov 7, 2013 at 1:35 PM, John Bollinger <[email protected]>wrote:
> > > On Thursday, November 7, 2013 10:47:56 AM UTC-6, John Bollinger wrote: >> >> >> >> On Wednesday, November 6, 2013 5:50:35 AM UTC-6, Rob Reynolds wrote: >>> >>> Here is the ARM - https://github.com/puppetlabs/armatures/blob/ >>> master/arm-16.acls/index.md >>> >>> Also have some questions listed at https://github.com/puppetlabs/ >>> armatures/blob/master/arm-16.acls/index.md#open-questions >>> >>> >> >> And now for the "continue tearing it apart" part :-). Issues that occur >> to me upon first reading of the ARM, in no particular order: >> >> > > 8. The ARM appears to indicate that Acl resources are expected to > identify the object to which they apply via their titles. That is well, > but it leaves me wondering why it is then necessary or appropriate for the > Security_descriptor type to redundantly identify a DACL via property 'dacl'. > Actually that is not the case. It is just a unique title so an ACL could be applied to multiple security descriptor types. Note that nowhere is a path defined here: https://github.com/puppetlabs/armatures/blob/master/arm-16.acls/index.md#acl-type > > 9. With respect to the note in the ARM about errors related to narrowing > permissions, it would be highly desirable for the module to allow users to > specify *minimum* permission requirements without having to declare > *exact* permissions. That is, if I want to declare that some user can > read a certain file, but I don't care whether he can modify it, then I > don't want to be stuck guessing at or managing that file's inherited > permissions in order to specify an acceptable exact set of permissions for > that user. > > > John > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-dev/18e68401-3f16-4551-850a-18a3c68eb8ed%40googlegroups.com > . > > For more options, visit https://groups.google.com/groups/opt_out. > -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/CAMJiBK6hnChTrxn9i5PSaLofbJ3C%3D4_Ym4CKZvDk7-MUOnUFng%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
