#3585 Host administrator privilege lacks certificate access
Closed: Fixed None Opened 10 years ago by rcritten.

The host administrator privilege lacks the ability to manage certificates so a host with a certificate cannot be removed.

To test:

  • Create a new user, tuser
  • ipa role-add-member --user=tuser 'it specialist'
  • ipa host-add test.example.com --force
  • ipa host-del test.example.com (should work)
  • ipa host-del <an enrolled client> (will fail)

I'm guessing that the minimum permissions required are 'revoke certificate' and 'Retrieve Certificates from the CA'


Metadata Update from @rcritten:
- Issue assigned to akrivoka
- Issue set to the milestone: FreeIPA 3.2 - 2013/04-05 (GA)

7 years ago

Login to comment on this ticket.

Metadata