[Freeipa-users] Role Required for Web Portal Access

Martin Kosek mkosek at redhat.com
Thu Mar 15 09:24:34 UTC 2012


On Thu, 2012-03-15 at 03:57 -0400, Tim Hildred wrote:
> Hey all;
> I'm preparing to use IPA as the Directory Server for my RHEV installation. Formerly in RHEV, you could change users' passwords using the RHEV User Portal itself. With RHEV 3.0, this is no longer possible. Instead, users need to be able to change their password using the IPA Web Administration Portal. I've set it up so that the IPA portal can be accessed using username and password rather than a Kerberos ticket. I've set all the users' passwords to a default value.
> 
> I'd like them to be able to log on to the IPA web UI, update only their own password (and other details about themselves), and carry on. 
> 
> Therefore, I don't want to give them admin roles, but some lesser, possibly custom role. 
> 
> Is this possible?
> 
> Thanks!

Hello Tim,

Yes, this is possible. Any user can log in to the WebUI and change his
account details or set a new password. They don't need to have
any custom role assigned; there are selfservice permissions that allow
that (you can check them with `ipa selfservice-find`).

Users with no admin role really see just the one tab with their account
details so that they are not distracted with all IPA WebUI configuration
options.

Martin



