Chris Cowan via FreeIPA-users wrote: > Reading through the docs carefully, but I'm just wondering if anyone else has > done this, and if there are any "gotchas" I have to worry about?
It depends on what you mean by manage. There are two privileges for group management by default: Group Administrators and Modify Group membership. You can create a new role with these two to constrain things. Off the top of my head there is no default way to prevent management of POSIX vs non-POSIX groups. I'm not entirely sure it's possible. The general flow is permissions -> privileges -> roles. So if those two privileges are too wide you may be able to create a new one (or several) restricting to only the permissions you want to allow. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
