[Freeipa-users] How to create readonly on all IPA data

[Rob Crittenden]

Fred van Zwieten wrote:
> Hi there,
>
> We have implemented IPA. We need to give someone in our org a read-only
> account on all IPA data. So, internal IPA data, user, groups, hosts,
> dns, etc. All
>
> So I want to create a role "Auditor". But then I must build privs and
> permissions. What would be the simplest/best way to do this?

Any authenticated user should be able to read most anything, except for 
passwords.

rob