The permission is required for DNS Administrators as realm domains object is updated when a master zone is added.
https://fedorahosted.org/freeipa/ticket/4423 -- Martin Kosek <mko...@redhat.com> Supervisor, Software Engineering - Identity Management Team Red Hat Inc.
From 87278e622bb5d80fcb5a406f30873726b13ab73c Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Fri, 4 Jul 2014 09:32:08 +0200 Subject: [PATCH] Add Modify Realm Domains permission The permission is required for DNS Administrators as realm domains object is updated when a master zone is added. https://fedorahosted.org/freeipa/ticket/4423 --- ipalib/plugins/realmdomains.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ipalib/plugins/realmdomains.py b/ipalib/plugins/realmdomains.py index 08d3a6a7857766e1c1d6fc4225b5d3a605c9f869..c53340591bd0f0f02fcc9db3142b74197aff551b 100644 --- a/ipalib/plugins/realmdomains.py +++ b/ipalib/plugins/realmdomains.py @@ -79,6 +79,14 @@ class realmdomains(LDAPObject): 'objectclass', 'cn', 'associateddomain', }, }, + 'System: Modify Realm Domains': { + 'ipapermbindruletype': 'permission', + 'ipapermright': {'write'}, + 'ipapermdefaultattr': { + 'associatedDomain', + }, + 'default_privileges': {'DNS Administrators'}, + }, } label = _('Realm Domains') -- 1.9.3
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
