https://bugzilla.redhat.com/show_bug.cgi?id=801931 (Red Hat Enterprise Linux 6)
Description of problem: Right now it does not look as though there is a way to restrict access for users so that they can only edit specific zones. In a large enough organization it is unreasonable to expect that there are not different groups responsible for maintaining different zones. Version-Release number of selected component (if applicable): ipa-server-2.1.3-9.el6.x86_64 How reproducible: Always Steps to Reproduce: 1. Install IPA 2. update dns entries permission to users 3. Try to restrict access to specific domains Actual results: No way to limit access Expected results: There should be a way to limit access Additional info: Even better would be the ability to go so far as to edit a specific PTR/A/CNAME record. This might be useful for self service scenarios where a user has been given a static lease in order to allow them to update their dns name on their own. For an A record, allow them to change the name but not the ip address, and so on.
attachment freeipa-mkosek-277-per-domain-dns-record-permissions.patch
Patch freeipa-mkosek-277-per-domain-dns-record-permissions.patch sent for review
master: 52f69aa
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 3.0 Beta 2
Login to comment on this ticket.