When the Who category in HBAC/SUDO rules is set to Anyone, the list of users and groups should become empty. Currently that's not the case.
Steps to reproduce: 1. Go to Policy -> HBAC -> HBAC Rules. 2. Open an existing HBAC rule. 3. Make sure there are users/groups under the Who category. 4. Set the category to Anyone. 5. Click Update, the category will revert back to 'Specified Users and Groups' and the users/groups are not deleted.
Similar problem happens in Sudo rules, in step #5 the category is changed to Anyone but the users/groups are not deleted.
We decided that this is ok. In HBAC at least it short circuits and doesn't check users/groups.
In the future we may want to add to UI/CLI to notify that this will remove information.
attachment freeipa-rcrit-916-sudo.patch
I talked to Endi about this. The UI already handles this by wiping out the members when the category is set. He noticed that we don't handle the mutual exclusive case for Sudo so I've added that.
master: 2c1f21a[[BR]] ipa-2-2: 4c48881
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=783286
Metadata Update from @edewata: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/01
Login to comment on this ticket.