freeipa

Clone
Source Code
GIT

#2355 [RFE] Allow filter and subtree to be added in same permission
Closed: Fixed None Opened 12 years ago by rcritten.

Closed: Fixed
Reopen Issue

A number of different permission options are mutually exclusive in an attempt to limit the scope of what types of permissions can be made.

Right now it is not possible to specify one with a subtree (target) and a filter (targetfilter). This is not necessary and I think too limiting.

It isn't possible, for example, to create an aci that lets you modify the user password of users (target) except for members of the admins group (targetfilter).

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=788645

Might be a dup of #2281

This is blocking some of the useful permissions, like the ones defined in recent freeipa-users thread. I would like this small but useful fix to happen in the permission refactoring that is being done in scope of FreeIPA 3.4.

Done as a part (or, side effect) of #4034

Metadata Update from @rcritten:
- Issue assigned to pviktori
- Issue set to the milestone: FreeIPA 4.0 - 2013/12
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
low
None
None
None
None
enhancement
None
None
Access control
None
0
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=788645, https://bugzilla.redhat.com/show_bug.cgi?id=893850
None
None
www.freeipa.org/page/V4/Permissions_V2
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.