[Freeipa-users] Roles and permissions
Steven Jones
Steven.Jones at vuw.ac.nz
Tue Feb 7 00:59:43 UTC 2012
Hi,
Trying to get my head around these....is it possible to create a group administrator say "engineering team administrator" and have that role only able to add specific users (how to specify?) to specific user groups (say) ie I want to be able to delegate responsibility for limited groups and users to others and limit their functioanilty...?
I dont find that section of the manual very easy to understand....I'd like examples or more explanation....
Also if such a say (bad) "engineering team administrator" could add anyone say THE admin to a group that the (bad) admin had password changes in/on then this allows the bad admin to change that admin user password............the user then effectively owns the IPA system...?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
More information about the Freeipa-users
mailing list