Hi All,
I have created below permission for my "testhostgroup" with the expectation 
that this permission will only allow write permission to the members of 
"testhostgroup" but, then it allows me to add/delete other hostgroup members as 
well. I tried changing the effective attribute to "memberof" instead of 
"member" but in vain as with that i started getting permission denied error 
even on  testhostgroup itself.
*****







ipa permission-add 'testhostgroup-modify' --permission=write --attrs=member 
--filter='(&(cn=testhostgroup)(objectclass=ipahostgroup ))'
--------------------------------------
Added permission "testhostgroup-modify"
--------------------------------------
  Permission name: testhostgroup-modify
  Granted rights: write
  Effective attributes: member
  Bind rule type: permission
  Subtree: dc=us-west-2,dc=compute,dc=amazonaws,dc=com
  Extra target filter: (&(cn= testhostgroup)(objectclass=ipahostgroup ))******
How can i restrict permissions to manage only those hosts which are part of a 
particular hostgroup? any help you could offer on this would be much 
appreciated. I could not find much on similar issue in the forum :(
Thanks,Deepak                                     
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to