authorize - LCFG basic authorization module for "om"
The authorize resources are used by the LCFG::Authorize Perl module. In a default installation, this module controls which users have the capabilities necessary to execute om commands on LCFG components. There is no component code for this module.
Note that LCFG::Authorize is a very basic authorization module which is not suitable for large or complex authorization schemes, and it may not be used in all installations. For example, DICE uses the LDAP-based DICE::Authorize module instead - this selection is controlled by the component's ng_authorization resource which is normally set to the value of profile.authorize.
Components allow a user to run a method foo if the user has a "capability" listed in the om_acl_foo resource. By default, this has the value om/all, so users with this capability can execute any component method.
The <lcfgcap> command may be used to query capabilities.
A (space-separated) list of tags representing groups of users.
A (space-separated) list of usernames for users in the group.
A (space-separated) list of capabilities to be given to the users in the group.
Scientific5, Scientific6, Fedora12, Fedora13
Paul Anderson <dcspaul@inf.ed.ac.uk>, Simon Wilkinson <sxw@inf.ed.ac.uk>