All Versions
Fedora 3.8.0 (Current Release)
Fedora 3.7.x
Fedora 3.6.x
Fedora 3.5.x
More..
Old Release
This documentation covers an old version of Fedora. Looking for another version? See all documentation.
Question: I would like to prevent changes to my repository for some period of time. Is there a way to go "read-only" and disable API-M?
Answer: Yes; if you have XACML policy enforcement enabled, you can disable all API-M requests to your repository via policy. While disabled, all API-M requests will result in an "Authorization Denied" message for the requesting user or application. As with all XACML policy changes, it is not necessary to restart your repository to put the new rules into effect.
Instructions:
<?xml version="1.0" encoding="UTF-8"?> <Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyId="disable-writes" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> <Description>disable writes</Description> <Target> <Subjects> <AnySubject/> </Subjects> <Resources> <AnyResource/> </Resources> <Actions> <Action> <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:fedora:names:fedora:2.1:action:api-m</AttributeValue> <ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:fedora:names:fedora:2.1:action:api"/> </ActionMatch> </Action> </Actions> </Target> <Rule RuleId="1" Effect="Deny"/> </Policy>