If you try to add a permission with a bindtype of all to a privilege you'll (correctly) get an error:
$ ipa privilege-add-permission --permissions "System: Read HBAC Rules" "HBAC Administrator"
ipa: ERROR: invalid 'permission': cannot add permission "System: Read HBAC Rules" with bindtype "all" to a privilege
You can work around this in the UI by going into RBAC -> Permissions -> "System: Read HBAC Rules", selecting privileges and adding it to "HBAC Administrator" that way. It will succeed.
It does so because it uses the non-CLI command permission_add_member which doesn't include the bindtype test.
master:
ipa-4-2:
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1246136
Metadata Update from @rcritten: - Issue assigned to mbasti - Issue set to the milestone: FreeIPA 4.2.1
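Because the UI path skips the bindtype test, an existing deployment may already hold the memberships the CLI refuses to create. The following is an added example, not code from the ticket or from FreeIPA: an audit over exported permission entries that reports every permission with a bindtype other than "permission" that is a member of a privilege. It assumes the bindtype is stored in ipaPermBindRuleType, that privilege membership is recorded as member values on the permission entry, and that the export is simple LDIF (no folded or base64 lines); the sample entries and the dc=example,dc=test suffix are constructed.

```python
# Added example (not FreeIPA code). Sample LDIF below is constructed.
SAMPLE_LDIF = """\
dn: cn=System: Read HBAC Rules,cn=permissions,cn=pbac,dc=example,dc=test
cn: System: Read HBAC Rules
ipaPermBindRuleType: all
member: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=example,dc=test

dn: cn=System: Add HBAC Rule,cn=permissions,cn=pbac,dc=example,dc=test
cn: System: Add HBAC Rule
ipaPermBindRuleType: permission
member: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=example,dc=test

dn: cn=System: Read HBAC Services,cn=permissions,cn=pbac,dc=example,dc=test
cn: System: Read HBAC Services
ipaPermBindRuleType: all
"""


def parse_entries(ldif):
    """Parse blank-line separated 'attr: value' blocks into dicts of lists."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            # Split on the first ': ' only, so values such as
            # 'System: Read HBAC Rules' keep their own colon.
            attr, sep, value = line.partition(": ")
            if sep:
                entry.setdefault(attr.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries


def misbound_members(ldif):
    """Return (permission, bindtype, privilege) for each membership that the
    CLI's bindtype test would have rejected."""
    findings = []
    for entry in parse_entries(ldif):
        # Assumption: an entry without the attribute is bindtype 'permission'.
        bindtype = entry.get("ipapermbindruletype", ["permission"])[0].lower()
        if bindtype == "permission":
            continue
        for member in entry.get("member", []):
            rdn, _, parent = member.partition(",")
            if parent.lower().startswith("cn=privileges,"):
                findings.append((entry["cn"][0], bindtype, rdn.partition("=")[2]))
    return findings
```
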