Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1076865
Description of problem:
The default included "modify hosts" permission can't truly "modify" hosts.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create a user that has a role with the "modify hosts" permission
2. Attempt to modify a host:
[fedora@ipa01 ~]$ ipa host_mod testbox.example.com --random
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the
'userPassword' attribute of entry
Update succeeds and I receive a new OTP
At a minimum, I'd like to be able to specify a userclass and set a new OTP
For the Foreman Smart Proxy, we've created a script to add all the permissions we need, this is a fairly comprehensive role that should support most aspects of managing hosts:
Maybe it's useful for this issue.
The 'Host Enrollment' + 'Host Administrators' privileges should now grant all the necessary rights.
Metadata Update from @mkosek:
- Issue assigned to pviktori
- Issue set to the milestone: FreeIPA 4.0 Backlog
to comment on this ticket.
Copyright © 2014-2018 Red Hat
4.0.3 — Documentation