[Freeipa-users] User Roles and access in GUI
Chandan Kumar
chandank.kumar at gmail.com
Mon Apr 15 15:11:53 UTC 2013
I think controlling Visibility of tabs would be the best option, if
possible, based on Roles as mentioned by Rob. As long as other entries are
not visible in UI, even though they have read only access with command
line, should be enough.
On Monday, April 15, 2013, Alexander Bokovoy wrote:
> On Mon, 15 Apr 2013, Petr Spacek wrote:
>
>> On 15.4.2013 15:39, Rob Crittenden wrote:
>>
>>> There is no easy way to do this. We start with granting all authenticated
>>> users read access to the tree with the exception of certain attributes
>>> (like
>>> passwords).
>>>
>>> You'd have to start by removing that, then one by one granting read
>>> access to
>>> the various containers based on, well, something.
>>>
>>
>> Would it be possible to create a new role to allow current 'read-all
>> access' and add this role to all users by default?
>>
>> It could be much simpler to change the behaviour with this role, or not?
>> :-)
>>
> It would affect service accounts (include host/fqdn at REALM) since roles
> cannot be applied to them, if I remember correctly. We would need to
> make an exclusive ACI that allows all services to gain read only access...
>
> --
> / Alexander Bokovoy
>
> ______________________________**_________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/**mailman/listinfo/freeipa-users<https://www.redhat.com/mailman/listinfo/freeipa-users>
>
--
--
http://about.me/chandank
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130415/ecb83511/attachment.htm>
More information about the Freeipa-users
mailing list