[Freeipa-users] Unable to search HBAC Rule

Martin Basti mbasti at redhat.com
Wed Jan 20 13:34:51 UTC 2016



On 20.01.2016 14:26, Yogesh Sharma wrote:
> Hi,
>
> We have created a user with HBAC Admin permission which has the below 
> permissions (Default as provided by IPA):
>
> System: Add HBAC Rule
> System: Add HBAC Service Groups
> System: Add HBAC Services
> System: Delete HBAC Rule
> System: Delete HBAC Service Groups
> System: Delete HBAC Services
> System: Manage HBAC Rule Membership
> System: Manage HBAC Service Group Membership
> System: Modify HBAC Rule
>
> When I try to add the below in a new RBAC, it denied the operation as it is 
> already open for all.
>
> System: Read HBAC Rules
> System: Read HBAC Service Groups
> System: Read HBAC Services
>
>
> If we change it to permission, then login is failing.
>
> Please suggest what we need to do so that HBAC admin can search the 
> HBAC rule in FreeIPA rule.
>
>
Hello, which version of IPA do you use?

This has been fixed (workaround).
https://fedorahosted.org/freeipa/ticket/5130

The proper fix requires changes in DS ACI evaluation that should be in 
RHEL 7.3.

Martin

>
> /Best Regards,/
> /__________________________________________
> /
> /Yogesh Sharma
> /
> /Email: yks0000 at gmail.com <mailto:yks0000 at gmail.com> | Web: 
> www.initd.in <http://www.initd.in/> /
> /
> /
> /RHCE, VCE-CIA, RACKSPACE CLOUD U Certified/
>
>
>
