[Freeipa-users] fine-grained permissions for DNS tasks
Martin Kosek
mkosek at redhat.com
Fri Dec 13 09:01:19 UTC 2013
On 12/12/2013 11:38 PM, Adam Young wrote:
> On 12/12/2013 04:26 PM, Stephen Ingram wrote:
>> Is it possible to restrict user to say a DNS Administrator role for only one
>> domain in the system?
>>
>> Steve
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> Yes. Read up here.
>
> http://adam.younglogic.com/2012/02/dns-managers-in-freeipa/
... or you can use the dnszone-add-permission command to have a per-zone
permission with almost zero effort. This command was introduced in FreeIPA 3.0,
it will create a permission that will give the assigned users read/write/delete
access to specified zone and it's records.
See
http://fedoraproject.org/wiki/QA:Testcase_freeipav3_dns_delegation
for testing instructions.
HTH,
Martin
More information about the Freeipa-users
mailing list