+ image
diff --git a/README-SECURITY-MODEL.md b/README-SECURITY-MODEL.md
index f2edc2a..5d5d895 100644
--- a/README-SECURITY-MODEL.md
+++ b/README-SECURITY-MODEL.md
@@ -16,6 +16,9 @@
under the License.
# README for Apache Fortress Security Model
+
+
+/home/smckinn/GIT/fortressDev/directory-fortress-enmasse/images/ApacheFortressRestSecurityModel.png
___________________________________________________________________________________
## Table of Contents
diff --git a/images/ApacheFortressRestSecurityModel.png b/images/ApacheFortressRestSecurityModel.png
new file mode 100644
index 0000000..3197db7
--- /dev/null
+++ b/images/ApacheFortressRestSecurityModel.png
Binary files differ
diff --git a/src/main/resources/FortressRestServerPolicy.xml b/src/main/resources/FortressRestServerPolicy.xml
index ec127c2..2717844 100644
--- a/src/main/resources/FortressRestServerPolicy.xml
+++ b/src/main/resources/FortressRestServerPolicy.xml
@@ -145,7 +145,6 @@
<permgrant objName="org.apache.directory.fortress.core.impl.DelReviewMgrImpl" opName="assignedUsers" roleNm="fortress-rest-admin" admin="true"/>
<permgrant objName="org.apache.directory.fortress.core.impl.DelReviewMgrImpl" opName="readOU" roleNm="fortress-rest-admin" admin="true"/>
<permgrant objName="org.apache.directory.fortress.core.impl.DelReviewMgrImpl" opName="searchOU" roleNm="fortress-rest-admin" admin="true"/>
- <permgrant objName="org.apache.directory.fortress.core.impl.DelReviewMgrImpl" opName="rolePermissions" roleNm="fortress-rest-admin" admin="true"/>
<permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl" opName="addUser" roleNm="fortress-rest-admin" admin="true"/>
<permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl" opName="disableUser" roleNm="fortress-rest-admin" admin="true"/>
@@ -222,13 +221,11 @@
<permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="add" roleNm="fortress-rest-admin" admin="true"/>
<permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="update" roleNm="fortress-rest-admin" admin="true"/>
<permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="delete" roleNm="fortress-rest-admin" admin="true"/>
- <permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="addProperty" roleNm="fortress-rest-admin" admin="true"/>
- <permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="deleteProperty" roleNm="fortress-rest-admin" admin="true"/>
<permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="assign" roleNm="fortress-rest-admin" admin="true"/>
<permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="deassign" roleNm="fortress-rest-admin" admin="true"/>
<permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="read" roleNm="fortress-rest-admin" admin="true"/>
- <permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="find" roleNm="fortress-rest-admin" admin="true"/>
- <permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="findWithUsers" roleNm="fortress-rest-admin" admin="true"/>
+<!-- <permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="find" roleNm="fortress-rest-admin" admin="true"/>-->
+ <!--<permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="findWithUsers" roleNm="fortress-rest-admin" admin="true"/>-->
<permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="groupRoles" roleNm="fortress-rest-admin" admin="true"/>
<permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="roleGroups" roleNm="fortress-rest-admin" admin="true"/>
</addpermgrant>
