Hi All,

I have created the below permission for my "testhostgroup" with the expectation that this permission will only allow write permission to the members of "testhostgroup", but it then allows me to add/delete other hostgroup members as well. I tried changing the effective attribute to "memberof" instead of "member", but in vain, as with that I started getting a permission denied error even on testhostgroup itself.

*****
ipa permission-add 'testhostgroup-modify' --permission=write --attrs=member --filter='(&(cn=testhostgroup)(objectclass=ipahostgroup ))'
--------------------------------------
Added permission "testhostgroup-modify"
--------------------------------------
  Permission name: testhostgroup-modify
  Granted rights: write
  Effective attributes: member
  Bind rule type: permission
  Subtree: dc=us-west-2,dc=compute,dc=amazonaws,dc=com
  Extra target filter: (&(cn= testhostgroup)(objectclass=ipahostgroup ))
******

How can I restrict permissions to manage only those hosts which are part of a particular hostgroup? Any help you could offer on this would be much appreciated. I could not find much on similar issues in the forum :(

Thanks,
Deepak
