[Freeipa-users] Delegation + visibility on users/user groups

[Gerald Zabos]

Hello all,

after setting up a productive IPA 4.4 environment with eight nodes (master
+ replicas) on four different locations everything works well. Good job,
guys.

I am tinkering around with user management and prepared an example setup:

- create one supervisor user (bob)
- create four team users on bob's team (bridget, betty, bernard, bill)
- create a user group (b-team) with bob, bridget, betty, bernard, bill as
active users in that team

Now i want to achieve the following:

- supervisor (bob) can see his team members (bridget, betty, bernard, bill)
-and only his team members- to handle administrative tasks within his team
-and only his team- , e.g. reset their password, lock their account, change
their information.

Use case: external customer gets limited access and MUST NOT see our
internal users and/or other external customers.

Can someone please point me to the right documentation and/or give me hints
on how to achieve this?

Regards,

Gerald
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170215/4e63d060/attachment.htm>