[Freeipa-users] Unable to search HBAC Rule
Yogesh Sharma
yks0000 at gmail.com
Wed Jan 20 13:37:14 UTC 2016
Hi Martin,
FreeIPA version 4.1.0
Will look into the Workaround. Thanks
*Best Regards,*
*__________________________________________*
*Yogesh Sharma*
*Email: yks0000 at gmail.com <yks0000 at gmail.com> | Web: www.initd.in
<http://www.initd.in/> *
*RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*
<https://www.fb.com/yks0000> <http://in.linkedin.com/in/yks0000>
<https://twitter.com/checkwithyogesh>
<http://google.com/+YogeshSharmaOnGooglePlus>
On Wed, Jan 20, 2016 at 7:04 PM, Martin Basti <mbasti at redhat.com> wrote:
>
>
> On 20.01.2016 14:26, Yogesh Sharma wrote:
>
> Hi,
>
> We have created a user with HBAC Admin permission which has below
> permission (Default as provided by IPA):
>
> System: Add HBAC Rule
> System: Add HBAC Service Groups
> System: Add HBAC Services
> System: Delete HBAC Rule
> System: Delete HBAC Service Groups
> System: Delete HBAC Services
> System: Manage HBAC Rule Membership
> System: Manage HBAC Service Group Membership
> System: Modify HBAC Rule
>
> When I try add below in a new RBAC, it denied the operation as it is
> already open for all.
>
> System: Read HBAC Rules
> System: Read HBAC Service Groups
> System: Read HBAC Services
>
>
> If we change it to permission, then login is failing.
>
> Please suggest what we need to do so that HBAC admin can search the HBAC
> rule in FreeIPA rule.
>
>
> Hello, which version of IPA do you use?
>
> This has been fixed (workaround).
> https://fedorahosted.org/freeipa/ticket/5130
>
> The proper fix requires changes in DS ACI evaluation that should be in
> RHEL 7.3
>
> Martin
>
>
> *Best Regards,*
>
> *__________________________________________ *
>
> *Yogesh Sharma *
> *Email: <yks0000 at gmail.com>yks0000 at gmail.com <yks0000 at gmail.com> | Web:
> <http://www.initd.in/>www.initd.in <http://www.initd.in> *
>
> *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*
>
> <https://www.fb.com/yks0000> <http://in.linkedin.com/in/yks0000>
> <https://twitter.com/checkwithyogesh>
> <http://google.com/+YogeshSharmaOnGooglePlus>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160120/38c9ede7/attachment.htm>
More information about the Freeipa-users
mailing list