I have a user that's a member of the "user administrator" role. When this user
attempts to change
the gid of a user an error occur.
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the
'gidNumber' attribute of entry
Looking at the privilege "user administrators" attached to the role, and the
users" attached to the privilege, I see that "gidnumber" is not ticked as a
target to allow
"modify users" to write to.
So permissions are handeled correctly, but the write permission to gidnumber is
Is this a bug or intentional?
I would see it as natural that a user admin has access to also change the
gidnumber of a user.
Freeipa-users mailing list