<html> <head> <style></style></head> <body class='hmmessage'><div dir='ltr'>Hi All,<div> </div><div>I have created below permission for my "testhostgroup" with the expectation that this permission will only allow write permission to the members of "testhostgroup" but, then it allows me to add/delete other hostgroup members as well. I tried changing the effective attribute to "memberof" instead of "member" but in vain as with that i started getting permission denied error even on testhostgroup itself.</div><div> </div><div>*****</div><div> ipa permission-add 'testhostgroup-modify' --permission=write --attrs=member --filter='(&(cn=testhostgroup)(objectclass=ipahostgroup ))' -------------------------------------- Added permission "testhostgroup-modify" -------------------------------------- Permission name: testhostgroup-modify Granted rights: write Effective attributes: member Bind rule type: permission Subtree: dc=us-west-2,dc=compute,dc=amazonaws,dc=com Extra target filter: (&(cn= testhostgroup)(objectclass=ipahostgroup ))****** How can i restrict permissions to manage only those hosts which are part of a particular hostgroup? any help you could offer on this would be much appreciated. I could not find much on similar issue in the forum :( Thanks,Deepak</div> </div></body> </html>