Split from https://fedorahosted.org/freeipa/ticket/4074
We should allow management of value-based ACIs via permissions.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1113988 (Red Hat Enterprise Linux 7)
There was an increased interest for this feature, we should look at it at FreeIPA 4.2 scope.
Syntax explained in DS documentation.
Note that this one is more complex feature than #4054 and thus should not be done as the first.
The FreeIPA 4.2 was already shaped (see [[milestone:FreeIPA 4.2]] milestone), this does not fit - there are many requests/use cases for this ACI. Pushing out.
If anyone is willing to help and contribute to this one, please let us know!
Moving to 4.4 Backlog - it would be nice to do this one if there is time.
Metadata Update from @pviktori:
- Issue assigned to mbabinsk
- Issue set to the milestone: FreeIPA 4.5 backlog
to comment on this ticket.