Ticket #2511 adds support for per-domain DNS permissions. Administrator can now assign a user to managedBy attribute to make him able read/write selected DNS zone.
managedBy
To find out if a logged user have read/write privilege to some zone, the following query can be run:
ipa dnszone-find --man-by-users=<user>
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=833517
Master: 14ac219
Metadata Update from @mkosek: - Issue assigned to pvoborni - Issue set to the milestone: FreeIPA 3.0 Beta 2
Login to comment on this ticket.