mirror of
https://github.com/altlinux/admx-basealt.git
synced 2024-10-26 17:25:11 +03:00
228 lines
14 KiB
XML
228 lines
14 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!-- (c) 2023 BaseALT, Ltd. -->
|
|
<policyDefinitionResources xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions" revision="1.0" schemaVersion="1.0">
|
|
<displayName>ALT polkit-policies definitions of Realmd</displayName>
|
|
<description>This file contains the Realmd service polkit-policies definitions used by ALT operating system.</description>
|
|
<resources>
|
|
<stringTable>
|
|
|
|
<string id="org-freedesktop-realmd-configure-realm">Permission to join machine to realm</string>
|
|
<string id="org-freedesktop-realmd-configure-realm_Help">The policy manages the restriction of the machine's ability to join realm
|
|
|
|
Disabled/Unconfigured — restrictions are defined by system parameters.
|
|
|
|
Enabled — restriction with defined rights;
|
|
|
|
Possible values:
|
|
|
|
"No" — set restriction with action denial (user is not allowed to perform the action);
|
|
|
|
"Yes" — remove the restriction (the user can perform the action without any authentication);
|
|
|
|
"Auth_self" — the user must enter his/her password for authentication. Note, this level of restriction is not sufficient for most multi-user applications, "Auth_admin" is usually recommended;
|
|
|
|
"Auth_admin" — the user must enter the administrator password at each request. Requires authentication of the user with administrator privileges;
|
|
|
|
"Auth_self_keep" — similar to "Auth_self", but authorization is maintained for a short period of time (e.g., five minutes). Note, this level of restriction is insufficient for most multi-user applications, "Auth_admin_keep" is generally recommended;
|
|
|
|
"Auth_admin_keep" — similar to "Auth_admin", but authorization is maintained for a short period of time (e.g., five minutes);
|
|
|
|
Note: the possession of administrative rights in a PolicyKit context is determined by its rules. By default, Alt asks for the password of a user in the "wheel" group.
|
|
|
|
The "Block" option prevents the user from changing this setting. Blocking a policy makes it a priority over a similar policy for the user.
|
|
|
|
</string>
|
|
<string id="org-freedesktop-realmd-configure-realm-user">Permission to join machine to realm</string>
|
|
<string id="org-freedesktop-realmd-configure-realm-user_Help">The policy manages the restriction of the machine's ability to join realm
|
|
|
|
Disabled/Unconfigured — restrictions are defined by system parameters.
|
|
|
|
Enabled — restriction with defined rights;
|
|
|
|
Possible values:
|
|
|
|
"No" — set restriction with action denial (user is not allowed to perform the action);
|
|
|
|
"Yes" — remove the restriction (the user can perform the action without any authentication);
|
|
|
|
"Auth_self" — the user must enter his/her password for authentication. Note, this level of restriction is not sufficient for most multi-user applications, "Auth_admin" is usually recommended;
|
|
|
|
"Auth_admin" — the user must enter the administrator password at each request. Requires authentication of the user with administrator privileges;
|
|
|
|
"Auth_self_keep" — similar to "Auth_self", but authorization is maintained for a short period of time (e.g., five minutes). Note, this level of restriction is insufficient for most multi-user applications, "Auth_admin_keep" is generally recommended;
|
|
|
|
"Auth_admin_keep" — similar to "Auth_admin", but authorization is maintained for a short period of time (e.g., five minutes);
|
|
|
|
Note: the possession of administrative rights in a PolicyKit context is determined by its rules. By default, Alt asks for the password of a user in the "wheel" group.
|
|
|
|
</string>
|
|
<string id="org-freedesktop-realmd-deconfigure-realm">Permission to remove machine from realm</string>
|
|
<string id="org-freedesktop-realmd-deconfigure-realm_Help">The policy restricts the ability to remove a machine from the realm
|
|
|
|
Disabled/Unconfigured — restrictions are defined by system parameters.
|
|
|
|
Enabled — restriction with defined rights;
|
|
|
|
Possible values:
|
|
|
|
"No" — set restriction with action denial (user is not allowed to perform the action);
|
|
|
|
"Yes" — remove the restriction (the user can perform the action without any authentication);
|
|
|
|
"Auth_self" — the user must enter his/her password for authentication. Note, this level of restriction is not sufficient for most multi-user applications, "Auth_admin" is usually recommended;
|
|
|
|
"Auth_admin" — the user must enter the administrator password at each request. Requires authentication of the user with administrator privileges;
|
|
|
|
"Auth_self_keep" — similar to "Auth_self", but authorization is maintained for a short period of time (e.g., five minutes). Note, this level of restriction is insufficient for most multi-user applications, "Auth_admin_keep" is generally recommended;
|
|
|
|
"Auth_admin_keep" — similar to "Auth_admin", but authorization is maintained for a short period of time (e.g., five minutes);
|
|
|
|
Note: the possession of administrative rights in a PolicyKit context is determined by its rules. By default, Alt asks for the password of a user in the "wheel" group.
|
|
|
|
The "Block" option prevents the user from changing this setting. Blocking a policy makes it a priority over a similar policy for the user.
|
|
|
|
</string>
|
|
<string id="org-freedesktop-realmd-deconfigure-realm-user">Permission to remove machine from realm</string>
|
|
<string id="org-freedesktop-realmd-deconfigure-realm-user_Help">The policy restricts the ability to remove a machine from the realm
|
|
|
|
Disabled/Unconfigured — restrictions are defined by system parameters.
|
|
|
|
Enabled — restriction with defined rights;
|
|
|
|
Possible values:
|
|
|
|
"No" — set restriction with action denial (user is not allowed to perform the action);
|
|
|
|
"Yes" — remove the restriction (the user can perform the action without any authentication);
|
|
|
|
"Auth_self" — the user must enter his/her password for authentication. Note, this level of restriction is not sufficient for most multi-user applications, "Auth_admin" is usually recommended;
|
|
|
|
"Auth_admin" — the user must enter the administrator password at each request. Requires authentication of the user with administrator privileges;
|
|
|
|
"Auth_self_keep" — similar to "Auth_self", but authorization is maintained for a short period of time (e.g., five minutes). Note, this level of restriction is insufficient for most multi-user applications, "Auth_admin_keep" is generally recommended;
|
|
|
|
"Auth_admin_keep" — similar to "Auth_admin", but authorization is maintained for a short period of time (e.g., five minutes);
|
|
|
|
Note: the possession of administrative rights in a PolicyKit context is determined by its rules. By default, Alt asks for the password of a user in the "wheel" group.
|
|
|
|
</string>
|
|
<string id="org-freedesktop-realmd-discover-realm">Permission to discover realm</string>
|
|
<string id="org-freedesktop-realmd-discover-realm_Help">The policy limits the possibility of discovering the realm
|
|
|
|
Disabled/Unconfigured — restrictions are defined by system parameters.
|
|
|
|
Enabled — restriction with defined rights;
|
|
|
|
Possible values:
|
|
|
|
"No" — set restriction with action denial (user is not allowed to perform the action);
|
|
|
|
"Yes" — remove the restriction (the user can perform the action without any authentication);
|
|
|
|
"Auth_self" — the user must enter his/her password for authentication. Note, this level of restriction is not sufficient for most multi-user applications, "Auth_admin" is usually recommended;
|
|
|
|
"Auth_admin" — the user must enter the administrator password at each request. Requires authentication of the user with administrator privileges;
|
|
|
|
"Auth_self_keep" — similar to "Auth_self", but authorization is maintained for a short period of time (e.g., five minutes). Note, this level of restriction is insufficient for most multi-user applications, "Auth_admin_keep" is generally recommended;
|
|
|
|
"Auth_admin_keep" — similar to "Auth_admin", but authorization is maintained for a short period of time (e.g., five minutes);
|
|
|
|
Note: the possession of administrative rights in a PolicyKit context is determined by its rules. By default, Alt asks for the password of a user in the "wheel" group.
|
|
|
|
The "Block" option prevents the user from changing this setting. Blocking a policy makes it a priority over a similar policy for the user.
|
|
|
|
</string>
|
|
<string id="org-freedesktop-realmd-discover-realm-user">Permission to discover realm</string>
|
|
<string id="org-freedesktop-realmd-discover-realm-user_Help">The policy limits the possibility of discovering the realm
|
|
|
|
Disabled/Unconfigured — restrictions are defined by system parameters.
|
|
|
|
Enabled — restriction with defined rights;
|
|
|
|
Possible values:
|
|
|
|
"No" — set restriction with action denial (user is not allowed to perform the action);
|
|
|
|
"Yes" — remove the restriction (the user can perform the action without any authentication);
|
|
|
|
"Auth_self" — the user must enter his/her password for authentication. Note, this level of restriction is not sufficient for most multi-user applications, "Auth_admin" is usually recommended;
|
|
|
|
"Auth_admin" — the user must enter the administrator password at each request. Requires authentication of the user with administrator privileges;
|
|
|
|
"Auth_self_keep" — similar to "Auth_self", but authorization is maintained for a short period of time (e.g., five minutes). Note, this level of restriction is insufficient for most multi-user applications, "Auth_admin_keep" is generally recommended;
|
|
|
|
"Auth_admin_keep" — similar to "Auth_admin", but authorization is maintained for a short period of time (e.g., five minutes);
|
|
|
|
Note: the possession of administrative rights in a PolicyKit context is determined by its rules. By default, Alt asks for the password of a user in the "wheel" group.
|
|
|
|
</string>
|
|
<string id="org-freedesktop-realmd-login-policy">Permission to change login policy</string>
|
|
<string id="org-freedesktop-realmd-login-policy_Help">The policy restricts the ability to change the logon policy
|
|
|
|
Disabled/Unconfigured — restrictions are defined by system parameters.
|
|
|
|
Enabled — restriction with defined rights;
|
|
|
|
Possible values:
|
|
|
|
"No" — set restriction with action denial (user is not allowed to perform the action);
|
|
|
|
"Yes" — remove the restriction (the user can perform the action without any authentication);
|
|
|
|
"Auth_self" — the user must enter his/her password for authentication. Note, this level of restriction is not sufficient for most multi-user applications, "Auth_admin" is usually recommended;
|
|
|
|
"Auth_admin" — the user must enter the administrator password at each request. Requires authentication of the user with administrator privileges;
|
|
|
|
"Auth_self_keep" — similar to "Auth_self", but authorization is maintained for a short period of time (e.g., five minutes). Note, this level of restriction is insufficient for most multi-user applications, "Auth_admin_keep" is generally recommended;
|
|
|
|
"Auth_admin_keep" — similar to "Auth_admin", but authorization is maintained for a short period of time (e.g., five minutes);
|
|
|
|
Note: the possession of administrative rights in a PolicyKit context is determined by its rules. By default, Alt asks for the password of a user in the "wheel" group.
|
|
|
|
The "Block" option prevents the user from changing this setting. Blocking a policy makes it a priority over a similar policy for the user.
|
|
|
|
</string>
|
|
<string id="org-freedesktop-realmd-login-policy-user">Permission to change login policy</string>
|
|
<string id="org-freedesktop-realmd-login-policy-user_Help">The policy restricts the ability to change the logon policy
|
|
|
|
Disabled/Unconfigured — restrictions are defined by system parameters.
|
|
|
|
Enabled — restriction with defined rights;
|
|
|
|
Possible values:
|
|
|
|
"No" — set restriction with action denial (user is not allowed to perform the action);
|
|
|
|
"Yes" — remove the restriction (the user can perform the action without any authentication);
|
|
|
|
"Auth_self" — the user must enter his/her password for authentication. Note, this level of restriction is not sufficient for most multi-user applications, "Auth_admin" is usually recommended;
|
|
|
|
"Auth_admin" — the user must enter the administrator password at each request. Requires authentication of the user with administrator privileges;
|
|
|
|
"Auth_self_keep" — similar to "Auth_self", but authorization is maintained for a short period of time (e.g., five minutes). Note, this level of restriction is insufficient for most multi-user applications, "Auth_admin_keep" is generally recommended;
|
|
|
|
"Auth_admin_keep" — similar to "Auth_admin", but authorization is maintained for a short period of time (e.g., five minutes);
|
|
|
|
Note: the possession of administrative rights in a PolicyKit context is determined by its rules. By default, Alt asks for the password of a user in the "wheel" group.
|
|
|
|
</string>
|
|
|
|
<string id="org-freedesktop-realmd-No">No</string>
|
|
<string id="org-freedesktop-realmd-Yes">Yes</string>
|
|
<string id="org-freedesktop-realmd-Auth-self">Auth_self</string>
|
|
<string id="org-freedesktop-realmd-Auth-admin">Auth_admin</string>
|
|
<string id="org-freedesktop-realmd-Auth-self-keep">Auth_self_keep</string>
|
|
<string id="org-freedesktop-realmd-Auth-admin-keep">Auth_admin_keep</string>
|
|
|
|
</stringTable>
|
|
<presentationTable>
|
|
<presentation id="org-freedesktop-Realmd-pr">
|
|
<dropdownList noSort="true" defaultItem="1" refId="OrgFreedesktopRealmd_setter">Restriction Options:</dropdownList>
|
|
<checkBox refId="OrgFreedesktopRealmd_blocker">Block</checkBox>
|
|
</presentation>
|
|
<presentation id="org-freedesktop-Realmd-user-pr">
|
|
<dropdownList noSort="true" defaultItem="1" refId="OrgFreedesktopRealmd_setter">Restriction Options:</dropdownList>
|
|
</presentation>
|
|
</presentationTable>
|
|
</resources>
|
|
</policyDefinitionResources> |