On 12/12/2013 11:38 PM, Adam Young wrote: > On 12/12/2013 04:26 PM, Stephen Ingram wrote: >> Is it possible to restrict user to say a DNS Administrator role for only one >> domain in the system? >> >> Steve >> >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipa-users@redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-users > > Yes. Read up here. > > http://adam.younglogic.com/2012/02/dns-managers-in-freeipa/
... or you can use the dnszone-add-permission command to have a per-zone permission with almost zero effort. This command was introduced in FreeIPA 3.0, it will create a permission that will give the assigned users read/write/delete access to specified zone and it's records. See http://fedoraproject.org/wiki/QA:Testcase_freeipav3_dns_delegation for testing instructions. HTH, Martin _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users