Hi Martin,

FreeIPA version 4.1.0

Will look into the Workaround. Thanks

*Best Regards,*

*__________________________________________*

*Yogesh Sharma*
*Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in
<http://www.initd.in/> *

*RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*

<https://www.fb.com/yks0000>   <http://in.linkedin.com/in/yks0000>
<https://twitter.com/checkwithyogesh>
<http://google.com/+YogeshSharmaOnGooglePlus>

On Wed, Jan 20, 2016 at 7:04 PM, Martin Basti <mba...@redhat.com> wrote:

>
>
> On 20.01.2016 14:26, Yogesh Sharma wrote:
>
> Hi,
>
> We have created a user with HBAC Admin permission which has below
> permission (Default as provided by IPA):
>
> System: Add HBAC Rule
> System: Add HBAC Service Groups
> System: Add HBAC Services
> System: Delete HBAC Rule
> System: Delete HBAC Service Groups
> System: Delete HBAC Services
> System: Manage HBAC Rule Membership
> System: Manage HBAC Service Group Membership
> System: Modify HBAC Rule
>
> When I try add below in a new RBAC, it denied the operation as it is
> already open for all.
>
> System: Read HBAC Rules
> System: Read HBAC Service Groups
> System: Read HBAC Services
>
>
> If we change it to permission, then login is failing.
>
> Please suggest what we need to do so that HBAC admin can search the HBAC
> rule in FreeIPA rule.
>
>
> Hello, which version of IPA do you use?
>
> This has been fixed (workaround).
> https://fedorahosted.org/freeipa/ticket/5130
>
> The proper fix requires changes in DS ACI evaluation that should be in
> RHEL 7.3
>
> Martin
>
>
> *Best Regards,*
>
> *__________________________________________ *
>
> *Yogesh Sharma *
> *Email:  <yks0...@gmail.com>yks0...@gmail.com <yks0...@gmail.com> | Web:
> <http://www.initd.in/>www.initd.in <http://www.initd.in> *
>
> *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*
>
> <https://www.fb.com/yks0000>   <http://in.linkedin.com/in/yks0000>
> <https://twitter.com/checkwithyogesh>
> <http://google.com/+YogeshSharmaOnGooglePlus>
>
>
>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to