Hi, I'm in the process of trying to set the permissions on our FreeIPA instance "just right", and for most of the permission types "Extra target filter" does the job just right. The issue is when it comes to type HBAC Rule - as the extra target filter only applies to modifying HBAC Rules themselves. I don't see any option to allow a permission to only target specified memberHosts. Is there a way to add something akin to target filters for effective attribute? If not, is there a way to do it properly? HBAC Rules have memberhost added directly to them. If this was an attribute given to groups/hosts, it would be easy to filter it this way. Is there any other way to allow a set of people to manage HBAC rules that only target hosts they've got permissions to?
//as a side note sorry to list moderators for me previous attempts at sending an email to this list// Filip -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
