[Freeipa-users] RBAC - User Administrator - OTP tokens
Martin Basti
mbasti at redhat.com
Fri Sep 30 10:00:54 UTC 2016
On 27.09.2016 17:16, Prashant Bapat wrote:
> RBAC Role "User Administrator" should have access to all users' OTP
> tokens. Specifically to remove if someone has lost their token. We
> get this a lot.
>
> I found no permissions that give this access.
>
> Can someone explain if this can be added easily either from the WebUI
> or CLI.
>
> Thanks.
> --Prashant
Hello,
OTP-related access control is bound to the token owner and token
manager; we don't have any system permission created for that.
Feel free to open a ticket (just for deleting OTP):
https://fedorahosted.org/freeipa/newticket
We will see if it is feasible.
You can create your own permission in the RBAC tab, in the Permissions
section, and assign it to the User Administrator privilege, but be careful
with extending permissions related to OTP; it may open an attack vector.
http://www.freeipa.org/page/V4/OTP#Permissions
Martin^2