Hi Martin, FreeIPA version 4.1.0
Will look into the Workaround. Thanks *Best Regards,* *__________________________________________* *Yogesh Sharma* *Email: [email protected] <[email protected]> | Web: www.initd.in <http://www.initd.in/> * *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified* <https://www.fb.com/yks0000> <http://in.linkedin.com/in/yks0000> <https://twitter.com/checkwithyogesh> <http://google.com/+YogeshSharmaOnGooglePlus> On Wed, Jan 20, 2016 at 7:04 PM, Martin Basti <[email protected]> wrote: > > > On 20.01.2016 14:26, Yogesh Sharma wrote: > > Hi, > > We have created a user with HBAC Admin permission which has below > permission (Default as provided by IPA): > > System: Add HBAC Rule > System: Add HBAC Service Groups > System: Add HBAC Services > System: Delete HBAC Rule > System: Delete HBAC Service Groups > System: Delete HBAC Services > System: Manage HBAC Rule Membership > System: Manage HBAC Service Group Membership > System: Modify HBAC Rule > > When I try add below in a new RBAC, it denied the operation as it is > already open for all. > > System: Read HBAC Rules > System: Read HBAC Service Groups > System: Read HBAC Services > > > If we change it to permission, then login is failing. > > Please suggest what we need to do so that HBAC admin can search the HBAC > rule in FreeIPA rule. > > > Hello, which version of IPA do you use? > > This has been fixed (workaround). > https://fedorahosted.org/freeipa/ticket/5130 > > The proper fix requires changes in DS ACI evaluation that should be in > RHEL 7.3 > > Martin > > > *Best Regards,* > > *__________________________________________ * > > *Yogesh Sharma * > *Email: <[email protected]>[email protected] <[email protected]> | Web: > <http://www.initd.in/>www.initd.in <http://www.initd.in> * > > *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified* > > <https://www.fb.com/yks0000> <http://in.linkedin.com/in/yks0000> > <https://twitter.com/checkwithyogesh> > <http://google.com/+YogeshSharmaOnGooglePlus> > > > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
