For security reason (mostly PCI-DSS) I have to print and sign-off access
formular for every users, and also to maintain these formulars in time
which means that every time I add a host to a hostgroup for example, I
should reprint all access formulars for users with access to this
I was wondering if it was possible to develop a feature that would allow
one to select a user(s) from GUI and generate a csv/pdf/whatever file
with all direct and indirect memberships/access for HBAC, groups and
sudo-rule for the selected user(s).
Maybe a first step would be to script something around ipa CLI commands
(not sure if possible to dig into HBAC and groups from CLI though).
What are your thoughts on such need, am I the only one wanting to export
my users privileges directly from the software managing these privileges ?
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code