On 20.01.2016 14:26, Yogesh Sharma wrote:
Hi,
We have created a user with HBAC Admin permission which has below
permission (Default as provided by IPA):
System: Add HBAC Rule
System: Add HBAC Service Groups
System: Add HBAC Services
System: Delete HBAC Rule
System: Delete HBAC Service Groups
System: Delete HBAC Services
System: Manage HBAC Rule Membership
System: Manage HBAC Service Group Membership
System: Modify HBAC Rule
When I try add below in a new RBAC, it denied the operation as it is
already open for all.
System: Read HBAC Rules
System: Read HBAC Service Groups
System: Read HBAC Services
If we change it to permission, then login is failing.
Please suggest what we need to do so that HBAC admin can search the
HBAC rule in FreeIPA rule.
Hello, which version of IPA do you use?
This has been fixed (workaround).
https://fedorahosted.org/freeipa/ticket/5130
The proper fix requires changes in DS ACI evaluation that should be in
RHEL 7.3
Martin
/Best Regards,/
/__________________________________________
/
/Yogesh Sharma
/
/Email: yks0...@gmail.com <mailto:yks0...@gmail.com> | Web:
www.initd.in <http://www.initd.in/> /
/
/
/RHCE, VCE-CIA, RACKSPACE CLOUD U Certified/
<https://www.fb.com/yks0000> <http://in.linkedin.com/in/yks0000>
<https://twitter.com/checkwithyogesh>
<http://google.com/+YogeshSharmaOnGooglePlus>
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
