On 27.09.2016 17:16, Prashant Bapat wrote:
RBAC Role "User Administrator" should have access to all users' OTP
tokens. Specifically to remove if someone has lost their token. We
get this a lot.
I found no permissions that give this access.
Can someone explain if this can be added easily either from the WebUI
or CLI.
Thanks.
--Prashant

Hello,
OTP-related access control is bound to the token owner and token
manager; we don't have any system permission created for that.
Feel free to open a ticket (just for deleting OTP):
https://fedorahosted.org/freeipa/newticket
We will see if it is feasible.
You can create your own permission in the RBAC tab, in the Permissions section,
and assign it to the User Administrator privilege, but be careful with
extending permissions related to OTP; it may open an attack vector.
http://www.freeipa.org/page/V4/OTP#Permissions
Martin^2
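
A CLI sketch of the custom permission described in the reply above, limited to the delete right so helpdesk staff cannot read or modify token attributes. This is an added example, not part of the original thread or FreeIPA's own configuration; the suffix, the permission name and the plural privilege name "User Administrators" are assumptions, and whether delete alone is sufficient for `ipa otptoken-del` should be verified on a test server.

```shell
#!/bin/sh
# Added example (not from the thread). Dry-run by default: it prints the ipa
# commands instead of executing them. Set IPA_RUN=1 on an enrolled host with
# an admin Kerberos ticket to apply them.

SUFFIX="dc=example,dc=com"              # placeholder directory suffix (assumption)
PERM_NAME="Custom: Delete OTP Tokens"   # hypothetical permission name
PRIVILEGE="User Administrators"         # assumed name of the privilege behind the role

run() {
    if [ "${IPA_RUN:-0}" = "1" ]; then
        "$@"
    else
        # Print each argument single-quoted (values here contain no quotes).
        for arg in "$@"; do printf "'%s' " "$arg"; done
        printf '\n'
    fi
}

# Delete-only permission on token entries under cn=otp. No read, write or
# add rights are granted, so token attributes stay out of reach.
add_otp_delete_permission() {
    run ipa permission-add "$PERM_NAME" \
        --subtree="cn=otp,$SUFFIX" \
        --filter="(objectClass=ipaToken)" \
        --right=delete
}

# Attach the new permission to the existing privilege.
attach_to_privilege() {
    run ipa privilege-add-permission "$PRIVILEGE" --permissions="$PERM_NAME"
}

# Review what was created before handing the role to anyone.
show_permission() {
    run ipa permission-show "$PERM_NAME" --all
}

add_otp_delete_permission
attach_to_privilege
show_permission
```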