well, according to the freeipa page https://www.freeipa.org/page/Web_UI <https://www.freeipa.org/page/Web_UI>
Web UI has two operation modes: self-service used for regular users limited interface - only information about users default page: user's profile use cases: change or view own information and reset password administration used for members of 'admins' group and users with a role assigned complete interface available Whats the point of giving an individual "User Administrator" role if he/she can not provision users using the Web UI? And if you want to use the ipa user-* commands then you need to actually create a different user admin role that has a write permission to cn=users,cn=accounts as the built-in “User Administrator” doesn’t have it and thus the ipa user-* commands don’t work. Is this a well known bug/limitation? How do you go about providing role assigned principals with means to act upon the privileges they posses? Regards Kristof > On Sep 21, 2018, at 4:12 PM, Florence Blanc-Renaud <[email protected]> wrote: > > On 9/21/18 2:06 PM, kwtygrys via FreeIPA-users wrote: >> Hi >> I am running Freeipa 4.5.4 on Centos 7 server. I created a few users >> hradmin, itadmin, secadmin and assigned them to the built-in special roles >> User Administrator, IT Specialist and IT Security Specialist respectively. >> However every time I try to access the Web UI as one of those users I always >> get the WebUI in self-service mode, ie. I can not take advantage of the >> privileges/permissions these users have. I only get the WebUI administration >> mode when logging in as admin. >> Is there anything I am missing in terms of configuration? > Hi, > IIRC a user has access to the whole WebUI administration when he is a member > of the "admins" group. > > flo > >> Regards >> Kristof >> _______________________________________________ >> FreeIPA-users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
