In v2 we are adding more fine-grained access control per the many
requests we had in v1. v1 only provided the ability to grant permission
to write a fixed set of user attributes from group A to group B.
We're looking for feedback on the types of access control that the IPA
users require in order to create some use-cases and help us design a
workable GUI for managing access control:
- I want to control who can add users
- I want to set the list of attributes for self-service
- I want hosts to be able to manage the certificates of their services
We're particularly interested in the details, such as how you want to
differentiate user A from user B when determining who can write what.
Freeipa-devel mailing list