I have been trying to create accounts in FreeIPA that have the same level
of permission as the built-in administrator account.  Basically, I want to
do the equivalent of what you can do in Active Directory by adding someone
to the Domain Administrators group.

We need this because it is not an acceptable security model in our
enterprise to share the built-in admin password between many
administrators.

What is the proper way to do this?

I notice that the built-in roles are DNS Administrator, IT Security
Specialist, IT Specialist, Security Architect, User Administrator, and
helpdesk.  If I give a user all 6 of these roles will they have the
equivalent level of permissions as the admin user or are there things they
still won't be able to do ?


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to