#5075 Adding a privilege to a permission avoids validation
Closed: Fixed None Opened 8 years ago by rcritten.

If you try to add a permission with a bindtype of all to a privilege you'll (correctly) get an error:

$ ipa privilege-add-permission --permissions "System: Read HBAC Rules" "HBAC Administrator"
ipa: ERROR: invalid 'permission': cannot add permission "System: Read HBAC Rules" with bindtype "all" to a privilege

You can work around this in the UI by going into RBAC -> Permissions -> "Sstem: Read HBAC Rules" and select privileges and add it to "HBAC Administrator" that way. It will succeed.

It does so because it uses the non-CLI command permission_add_member which doesn't include the bindtype test.


master:

  • a619a1e Validate adding privilege to a permission

ipa-4-2:

  • 652eb08 Validate adding privilege to a permission

Metadata Update from @rcritten:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.2.1

7 years ago

Login to comment on this ticket.

Metadata