Make it possible to set/unset/change the owner of a vault container, e.g. with a new command.
Reasons:
vault-takeownership --user someuser --targetuser=""
The original plan was to have container management commands:
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1258965
FreeIPA 4.2.1 was released, moving to 4.2.2.
master:
ipa-4-2:
Vault container ownership can be managed by new commands:
vaultcontainer-show [--service <service>|--user <user>|--shared]
vaultcontainer-del [--service <service>|--user <user>|--shared]
vaultcontainer-add-owner [--service <service>|--user <user>|--shared] [--users <users>] [--groups <groups>] [--services <services>]
vaultcontainer-remove-owner [--service <service>|--user <user>|--shared] [--users <users>] [--groups <groups>] [--services <services>]
Permissions work as follows:
- Add new "Vault administrators" privilege. Vault administrators will have unrestricted access to vaults and vault containers, including the power to add/remove owners of vaults and vault containers.
- Remove the ability of vault owners to add/remove other vault owners. If vault owner needs to be changed, vault administrator has to do it. Note that vault owners will still have the ability to add/remove vault members.
- When adding new vault container, set owner to the current user. If vault container owner needs to be changed, vault administrator has to do it.
- Allow adding vaults and vault containers only if the owner is set to the current user.
Metadata Update from @pvoborni:
- Issue assigned to pvoborni
- Issue set to the milestone: FreeIPA 4.2.2
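The permission rules listed in the comment above, modelled as a small deny-by-default authorization check. This is an added example, not FreeIPA code or part of the ticket: the `Actor`, `Entry`, `allowed`, `create` and `change_owner` names and the sample users are hypothetical, and it assumes the administrators' "unrestricted access" also covers creating entries.

```python
from dataclasses import dataclass, field

VAULT_ADMIN = "Vault administrators"  # privilege name taken from the ticket

@dataclass(frozen=True)
class Actor:
    name: str
    privileges: frozenset = frozenset()

@dataclass
class Entry:
    """Hypothetical stand-in for a vault or vault container entry."""
    owners: set = field(default_factory=set)

def allowed(actor, action, entry=None, requested_owner=None):
    """Return True if the ticket's rules permit `action` for `actor`."""
    if VAULT_ADMIN in actor.privileges:
        # Assumption: "unrestricted access" also covers entry creation.
        return True
    if action == "create":
        # New entries may only be created with the creator as owner.
        return requested_owner == actor.name
    if action in ("add-member", "remove-member"):
        # Owners keep control over membership.
        return entry is not None and actor.name in entry.owners
    # "add-owner", "remove-owner" and anything unknown: deny by default.
    return False

def create(actor, requested_owner):
    if not allowed(actor, "create", requested_owner=requested_owner):
        raise PermissionError(f"{actor.name} cannot create an entry owned by {requested_owner}")
    return Entry(owners={requested_owner})

def change_owner(actor, entry, action, target):
    if action not in ("add-owner", "remove-owner"):
        raise ValueError(f"not an ownership action: {action}")
    if not allowed(actor, action, entry):
        raise PermissionError(f"{actor.name} cannot {action} on this entry")
    if action == "add-owner":
        entry.owners.add(target)
    else:
        entry.owners.discard(target)
    return entry

if __name__ == "__main__":
    # Constructed sample users, not taken from the ticket.
    alice, admin = Actor("alice"), Actor("vaultadmin", frozenset({VAULT_ADMIN}))
    box = create(alice, "alice")
    print(allowed(alice, "add-owner", box), allowed(alice, "add-member", box))
    print(sorted(change_owner(admin, box, "add-owner", "bob").owners))
```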