Filip Kszczot via FreeIPA-users wrote: > Hi, > I'm in the process of trying to set the permissions on our FreeIPA instance > "just right", and for most of the permission types "Extra target filter" does > the job just right. The issue is when it comes to type HBAC Rule - as the > extra target filter only applies to modifying HBAC Rules themselves. I don't > see any option to allow a permission to only target specified memberHosts. > Is there a way to add something akin to target filters for effective > attribute? If not, is there a way to do it properly? > HBAC Rules have memberhost added directly to them. If this was an attribute > given to groups/hosts, it would be easy to filter it this way. Is there any > other way to allow a set of people to manage HBAC rules that only target > hosts they've got permissions to?
I'm not sure I understand the question. A permission is what allows rules to be created or modified. Are you saying you want hosts to be able to manage the rule? rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
