[Freeipa-users] ipa "user administrator" role - gidnumber
Sigbjorn Lie
sigbjorn at nixtra.com
Wed Jun 13 11:07:24 UTC 2012
Hi,
I have a user that's a member of the "user administrator" role. When this user attempts to change
the gid of a user, an error occurs:
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 'gidNumber' attribute of entry
Looking at the privilege "user administrators" attached to the role, and the permission "modify
users" attached to the privilege, I see that "gidnumber" is not ticked as a target to allow
"modify users" to write to.
So permissions are handled correctly, but the write permission to gidnumber is missing.
Is this a bug or intentional?
I would see it as natural that a user admin has access to also change the gidnumber of a user.
Rgds,
Siggi