Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1076865
Description of problem:
The default included "modify hosts" permission can't truly "modify" hosts.

Version-Release number of selected component (if applicable):
3.3.4-3

How reproducible:
Always

Steps to Reproduce:
1. Create a user that has a role with the "modify hosts" permission
2. Attempt to modify a host:
   [fedora@ipa01 ~]$ ipa host_mod testbox.example.com --random

Actual results:
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 'userPassword' attribute of entry 'fqdn=testbox.example.com,cn=computers,cn=accounts,dc=example,dc=com'.

Expected results:
Update succeeds and I receive a new OTP

Additional info:
At a minimum, I'd like to be able to specify a userclass and set a new OTP
For the Foreman Smart Proxy, we've created a script to add all the permissions we need. This is a fairly comprehensive role that should support most aspects of managing hosts:
http://projects.theforeman.org/projects/foreman/wiki/IPASmartProxyUser
Maybe it's useful for this issue.
master:
The 'Host Enrollment' + 'Host Administrators' privileges should now grant all the necessary rights.
Metadata Update from @mkosek: - Issue assigned to pviktori - Issue set to the milestone: FreeIPA 4.0 Backlog