I want a role the user snapmgr belongs to that can add, delete snapon group
member users and reset/change their passwords and unlock their accounts
When I login as snapmgr and attempt to reset the password of user snaptestuser1
(member of snapon group), it fails with "Insufficient access: Insufficient
access rights".
What did I miss? What are the minimum permission effective attribs are needed
to be checked?
OK, so I created:
1) A user snapmgr to the be group manager, able to reset passwords of snapon
users (members of the snapon group)
2) A role named snapon-manage, and assigned user snapmgr as the member user
3) A privilege named snapon_management_privileges
4) A permission named snap_user_passwd, assigned to the
snapon_management_privileges privilege, which is assigned to the snapon-manage
role
PERMISSION SETTINGS:
Bind rule type: x permission
Granted rights:
x read
x write
x add
x delete
x all
TARGET:
Type: user
Tagret DN: blank
Member of group: snapon
Effective attributes:
x description
x ipasshpubkey
x homedirectory
x userpassword
x krbprincipalname
x krblastadminunlock
Larry Rosen - Linux System Administrator
JDR Solutions, Inc
8606 Allisonville Road, Suite 245
Indianapolis, IN 46250
www.jdrsolutions.com
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
