D.7. TPS-specific ACLs

This section covers the default access control configuration attributes which are set specifically for the Token Processing System (TPS). The TPS ACL configuration also includes all of the common ACLs listed in Section D.2, “Common ACLs”.

D.7.1. certServer.tps.account

Controls which users can log in and log out.

allow (login,logout) user="anybody"

Table D.74. certServer.tps.account ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
| --- | --- | --- | --- |
| login | Log in to the TPS | Allow | All users |
| logout | Log out from the TPS | Allow | All users |

D.7.2. certServer.tps.authenticators

Restricts access to authenticators to administrators.

allow (read,change-status,add,modify,remove) group="Administrators"

Table D.75. certServer.tps.authenticators ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
| --- | --- | --- | --- |
| read | Read authenticators | Allow | Administrators |
| change-status | Change status of authenticators | Allow | Administrators |
| add | Add authenticators | Allow | Administrators |
| modify | Update authenticators | Allow | Administrators |
| remove | Remove authenticators | Allow | Administrators |

D.7.3. certServer.tps.audit

Restricts access to the audit configuration to administrators.

allow (read,modify) group="Administrators"

Table D.76. certServer.tps.audit ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
| --- | --- | --- | --- |
| read | Read configuration audit settings | Allow | Administrators |
| modify | Update configuration audit settings | Allow | Administrators |

D.7.4. certServer.tps.config

Restricts access to the configuration to administrators.

allow (read,modify) group="Administrators"

Table D.77. certServer.tps.config ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
| --- | --- | --- | --- |
| read | Read configuration settings | Allow | Administrators |
| modify | Update configuration settings | Allow | Administrators |

D.7.5. certServer.tps.connectors

Restricts access to connectors to administrators.

allow (read,change-status,add,modify,remove) group="Administrators"

Table D.78. certServer.tps.connectors ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
| --- | --- | --- | --- |
| read | Read connectors | Allow | Administrators |
| change-status | Change the status of connectors | Allow | Administrators |
| add | Add connectors | Allow | Administrators |
| modify | Update connectors | Allow | Administrators |
| remove | Remove connectors | Allow | Administrators |

D.7.6. certServer.tps.groups

Enables administrators to execute group operations.

allow (execute) group="Administrators"

Table D.79. certServer.tps.groups ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
| --- | --- | --- | --- |
| execute | Execute group operations | Allow | Administrators |

D.7.7. certServer.tps.users

Enables administrators to execute user operations.

allow (execute) group="Administrators"

Table D.80. certServer.tps.users ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
| --- | --- | --- | --- |
| execute | Execute user operations | Allow | Administrators |

D.7.8. certServer.tps.profiles

Allows administrators and TPS agents to read and change the status of profiles. However, only administrators can add, modify, and remove profiles.

allow (read,change-status) group="Administrators" || group="TPS Agents" ; allow (add,modify,remove) group="Administrators"

Table D.81. certServer.tps.profiles ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
| --- | --- | --- | --- |
| read | Read profiles | Allow | Administrators, TPS agents |
| change-status | Change status of profiles | Allow | Administrators, TPS agents |
| add | Add profiles | Allow | Administrators |
| modify | Update profiles | Allow | Administrators |
| remove | Remove profiles | Allow | Administrators |

D.7.9. certServer.tps.profile-mappings

Restricts access to profile mappings to administrators.

allow (read,change-status,add,modify,remove) group="Administrators"

Table D.82. certServer.tps.profile-mappings ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
| --- | --- | --- | --- |
| read | Read profile mappings | Allow | Administrators |
| change-status | Change status of profile mappings | Allow | Administrators |
| add | Add profile mappings | Allow | Administrators |
| modify | Update profile settings | Allow | Administrators |
| remove | Remove profile settings | Allow | Administrators |

D.7.10. certServer.tps.selftests

Restricts access to self tests to administrators.

allow (read,execute) group="Administrators"

Table D.83. certServer.tps.selftests ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
| --- | --- | --- | --- |
| read | Read self tests | Allow | Administrators |
| execute | Execute self tests | Allow | Administrators |

D.7.11. certServer.tps.tokens

Allows administrators, agents, and operators to read tokens. However, only administrators can add and remove tokens, and only agents can modify tokens.

allow (read) group="Administrators" || group="TPS Agents" || group="TPS Operators"; allow (add,remove) group="Administrators" ; allow (modify) group="TPS Agents"

Table D.84. certServer.tps.tokens ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
| --- | --- | --- | --- |
| read | Read tokens | Allow | Administrators, TPS agents, TPS operators |
| add | Add tokens | Allow | Administrators |
| remove | Remove tokens | Allow | Administrators |
| modify | Update tokens | Allow | TPS agents |
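
The following added example (not part of the original documentation or of Certificate System itself) parses the ACL rule strings shown in this section and reports where a deployed rule differs from the documented default, which is useful when auditing a TPS for widened permissions. The names `parse_acl`, `acl_drift` and `SAMPLE_DEPLOYED` are hypothetical, and the parser is an assumption that handles only the syntax seen on this page: `;`-separated `allow`/`deny` clauses with `||`-joined `user="..."` or `group="..."` terms.

```python
import re

# Default rule strings copied from this section (resource -> ACL rule).
DEFAULT_TPS_ACLS = {
    "certServer.tps.account": 'allow (login,logout) user="anybody"',
    "certServer.tps.profiles": 'allow (read,change-status) group="Administrators" || group="TPS Agents" ; '
                               'allow (add,modify,remove) group="Administrators"',
    "certServer.tps.tokens": 'allow (read) group="Administrators" || group="TPS Agents" || '
                             'group="TPS Operators"; allow (add,remove) group="Administrators" ; '
                             'allow (modify) group="TPS Agents"',
}

RULE_RE = re.compile(r'^(allow|deny)\s*\(([^)]*)\)\s*(.+)$')
SUBJECT_RE = re.compile(r'^(user|group)\s*=\s*"([^"]*)"$')

def parse_acl(rule_string):
    """Return {operation: {(effect, kind, name), ...}} for one ACL rule string."""
    grants = {}
    for clause in filter(None, map(str.strip, rule_string.split(";"))):
        m = RULE_RE.match(clause)
        if not m:
            raise ValueError(f"unparseable ACL clause: {clause!r}")
        effect, ops, expr = m.groups()
        subjects = set()
        for term in expr.split("||"):
            s = SUBJECT_RE.match(term.strip())
            if not s:  # fail closed on syntax this simplified parser does not model
                raise ValueError(f"unsupported subject expression: {term!r}")
            subjects.add((effect, s.group(1), s.group(2)))
        for op in ops.split(","):
            grants.setdefault(op.strip(), set()).update(subjects)
    return grants

def acl_drift(resource, deployed_rule):
    """List (change, operation, effect, kind, name) differences from the default."""
    default = parse_acl(DEFAULT_TPS_ACLS[resource])
    deployed = parse_acl(deployed_rule)
    findings = []
    for op in sorted(set(default) | set(deployed)):
        for item in sorted(deployed.get(op, set()) - default.get(op, set())):
            findings.append(("added", op) + item)
        for item in sorted(default.get(op, set()) - deployed.get(op, set())):
            findings.append(("removed", op) + item)
    return findings

# Constructed sample: a deployed tokens ACL in which TPS Operators gained "modify".
SAMPLE_DEPLOYED = (DEFAULT_TPS_ACLS["certServer.tps.tokens"] + ' || group="TPS Operators"')
```

Calling `acl_drift("certServer.tps.tokens", SAMPLE_DEPLOYED)` returns a single `added` finding for `modify` by `TPS Operators`; an unchanged rule returns an empty list.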