[Freeipa-users] How to create readonly on all IPA data
Petr Spacek
pspacek at redhat.com
Mon Jun 24 15:10:48 UTC 2013
On 24.6.2013 15:12, Rob Crittenden wrote:
> Fred van Zwieten wrote:
>> Hi there,
>>
>> We have implemented IPA. We need to give someone in our org a read-only
>> account on all IPA data. So, internal IPA data, user, groups, hosts,
>> dns, etc. All
>>
>> So I want to create a role "Auditor". But then I must build privs and
>> permissions. What would be the simplest/best way to do this?
>
> Any authenticated user should be able to read most anything, except for
> passwords.
Also DNS sub-tree is not accessible for normal users.
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list