I want a role the user snapmgr belongs to that can add and delete snapon group member users, reset/change their passwords, and unlock their accounts.
When I log in as snapmgr and attempt to reset the password of user snaptestuser1 (member of snapon group), it fails with "Insufficient access: Insufficient access rights". What did I miss? What are the minimum permission effective attribs that need to be checked?

OK, so I created:

1) A user snapmgr to be the group manager, able to reset passwords of snapon users (members of the snapon group)
2) A role named snapon-manage, and assigned user snapmgr as the member user
3) A privilege named snapon_management_privileges
4) A permission named snap_user_passwd, assigned to the snapon_management_privileges privilege, which is assigned to the snapon-manage role

PERMISSION SETTINGS:

Bind rule type: x permission
Granted rights: x read  x write  x add  x delete  x all

TARGET:

Type: user
Target DN: blank
Member of group: snapon
Effective attributes:
  x description
  x ipasshpubkey
  x homedirectory
  x userpassword
  x krbprincipalname
  x krblastadminunlock

Larry Rosen - Linux System Administrator
JDR Solutions, Inc
8606 Allisonville Road, Suite 245
Indianapolis, IN 46250
www.jdrsolutions.com