Split the hosts into 2 groups, regular and special_access. Put regular
operators into a non-posix group, regular_operators, and make a different
group, special_operators, for those people.
Disable the allow_all rule. Create a regular access rule with regular hosts and
regular users. Create a special access rule for special hosts and users.
If special access users can also use regular hosts, add that group to the
regular rule as well.
On April 19, 2022 4:20:42 AM EDT, iulian roman via FreeIPA-users
<freeipa-users@lists.fedorahosted.org> wrote:
>Hello Everybody,
>
>I would like to ask if it is possible to deny access to a specific
>server group for a group of users who have access to all servers by
>default.
>Example: operators group have access to all servers , but I would like
>to deny access for them for a specific subset of servers which are
>highly secure.
>Is that possible and if yes , how can it be configured ?
>
>Thank You,
>i roman
>_______________________________________________
>FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>To unsubscribe send an email to
>freeipa-users-le...@lists.fedorahosted.org
>Fedora Code of Conduct:
>https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>List Archives:
>https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>Do not reply to spam on the list, report it:
>https://pagure.io/fedora-infrastructure
--
Computers amplify human error
Super computers are really cool
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure