FreeIPA server 4.1.3 on CentOS 7

I am trying to create a set of privileges or roles that will allow me to create a user who has read-only access to as much of the FreeIPA web UI as possible. (Basically my manager wants the type of view into FreeIPA that they have in AD using the 'AD Users and Computers' program.)

I note that there are quite a few read permissions in the permissions list. I tried creating a new privilege called Read Only Administrator and giving it all the permissions that have read only in the name. For some reason I can add all other system and full access permissions, but when I try to add a read only permission I get the following error:

    invalid 'permission': cannot add permission "System: Read HBAC Rules" with bindtype "all" to a privilege

This applies not just to the HBAC rule, but to anything that has Read in the name. How do I create a read only user without getting this error message?