[Freeipa-users] Re: HBAC rules - deny access to a subset of hosts

Tue, 19 Apr 2022 04:47:41 -0700 

Split the hosts into 2 groups, regular and special_access. Put regular 
operators into a non-posix group, regular_operators, and make a different 
group, special_operators, for those people.
Disable the allow_all rule. Create a regular access rule with regular hosts and 
regular users. Create a special access rule for special hosts and users. 
If special access users can also use regular hosts, add that group to the 
regular rule as well.

On April 19, 2022 4:20:42 AM EDT, iulian roman via FreeIPA-users 
<freeipa-users@lists.fedorahosted.org> wrote:
>Hello Everybody, 
>
>I would like to ask if it is possible to deny access to a specific
>server group for a group of users who have access to all servers by
>default. 
>Example: operators group have access to all servers , but I would like
>to deny access for them for a specific subset of servers which are
>highly secure.
>Is that possible and if yes , how can it be configured ?
>
>Thank You, 
>i roman
>_______________________________________________
>FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>To unsubscribe send an email to
>freeipa-users-le...@lists.fedorahosted.org
>Fedora Code of Conduct:
>https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>List Archives:
>https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>Do not reply to spam on the list, report it:
>https://pagure.io/fedora-infrastructure

-- 
Computers amplify human error
Super computers are really cool
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to