Is there documentation thst states explicitly which permissions are granted to the Various built in roles?


Sent via the Samsung GALAXY S® 5, an AT&T 4G LTE smartphone

-------- Original message --------
From: Rob Crittenden <rcrit...@redhat.com>
Date: 11/05/2015  10:18  (GMT-05:00)
To: Freeipa-users@redhat.com, andrew.hol...@gmail.com
Subject: Re: [Freeipa-users] Client enrolment user

Andrew Holway wrote:
Some time ago I saw an article on how to set up a user that can only
enrol clients into freeipa.

Does anyone have information on how to do this because we're currently
using the admin user and this is a bit scary.

Create a role for enrolling hosts and add the privilege 'Host
Enrollment' to it.

Note that 'Host Enrollment' is VERY specific. It only enrolls host. It
will not create host entries. If you want to be able to do that as well
then you'll need the 'Add Hosts' permission. I guess I'd create a new
privilege and add that permission, then add that privilege to the role
you create.

Some folks add the existing 'Host Administrators' privilege instead but
IMHO that is a bit broad.

rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project



--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to