Hi all, We received a question from one of our auditors about who has the permission to do certain actions in FreeIPA itself. This is managed by the RBAC system: you can for example configure that certain groups are allowed to manage certain parts of FreeIPA.
We currently only have two roles: normal users and admins. Normal users have the default self-service permissions, and admins can do anything within FreeIPA. However, for that last part we cannot figure out how this is specified within FreeIPA. There is no RBAC role that gives admins all permissions. Is the admins group maybe special, in that it is hardcoded to be able to change anything within FreeIPA? -- Remco Kranenburg _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org