On 04/12/2013 02:23 AM, Martin Kosek wrote:
> On 04/12/2013 01:07 AM, Chandan Kumar wrote:
>> Hello,
>>
>> I have a question regarding Uer Roles and Access in GUI. What I have found 
>> that
>> irrespective of Role assigned to a user, he gets read only access across the
>> directory. 
>>
>> For example, I created one user say "dnsadmin" with only Roles related to DNS
>> such as DNS Servers, DNS Administrator. Now that user has read only access to
>> entire directory. Is there any way of controlling it? 
>>
>>
>> Thanks,
>> Chandan
>>
> Hello Chandan,
>
> If you create a new role, assign "DNS Administrators" privilege to it, and
> assign that role to user dnsadmin, that user will have write access to DNS 
> tree
> and configuration.
>
> Beyond that tree, dnsadmin will have read-only access just like all other
> non-admin users. If you want dnsadmin to have write access also to other
> entries, you would need to assign more privileges/roles to it.
>
> HTH,
> Martin
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


If you are worried about the read access the LDAP data is traditionally
readable by any authenticated user.
In the past is was even possible to read the tree as anonymous user
which is a bad security practice and not recommended.


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to