Ah I see now. Adding --raw to the end of the privilege-show CLI command shows me that the admins group is a member of that privilege.
Thank you! On Thu, Oct 10, 2019 at 10:36 AM Rob Crittenden <rcrit...@redhat.com> wrote: > Russell Jones via FreeIPA-users wrote: > > Hi all, > > > > I am still exploring my default setup, and have noticed that while the > > "admin" user is a part of the admins and trust admins group, neither the > > user nor those groups have any roles defined on them that I can see. > > > > Where is this special username getting its permissions from? > > > > > > Thanks for the help! > > The group is a direct member of a couple of privileges: > > Host Enrollment > Replication Administrators > > Most of the powers are granted by separate ACIs for the admins group, > notably: > > Admin can manage any entry > Admins can write passwords > Admins can write password policies > ... > and a bunch more. > > rob > > > > > > > _______________________________________________ > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > > To unsubscribe send an email to > freeipa-users-le...@lists.fedorahosted.org > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > > > >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
