On 27.09.2016 17:16, Prashant Bapat wrote:
RBAC Role "User Administrator" should have access to all users OTP tokens. Specifically to remove if some one has lost their token. We get this a lot.

I found no permissions that give this access.

Can someone explain if this can be added easily either from the WebUI or CLI.



OTP related access control is bounded with token owner and token manager, we don't have any system permission created for that.

Feel free to open ticket (just for deleting OTP): https://fedorahosted.org/freeipa/newticket
We will see if it is feasible.

You can create your own permission in RBAC tab in permissions section and assign this to User Administrator privilege but be careful with extending permissions related to OTP, it may open an attack vector.


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to