Hi all,

Just a small question about access control in FreeIPA which has been bombing my head for a few days: is there any possibility to restrict ACI permissions in FreeIPA to limit their impact to other groups/users?

We have a theoretical situation: let's suppose that we have the permission "Manage User Password"; this permission is included in a privilege, then in a Role, and the Role should be assigned. When we assign this role to Account1, this account could change the password for any user in this realm (let it be "freeipa.test.lab").

So, in detail, my question is: can we somehow limit the permission for Account1 to make this permission work only for a target group of users? Let's imagine that we have a branch and an administrator in this branch who should change passwords only for users in this branch.

I know that another instance of FreeIPA and maybe trusts between these 2 instances could work, but firstly I wish to solve this task in the simple way.

Thanks in advance.
_______________________________________________
FreeIPA-users mailing list -- [email protected]
