#4555 [RFE] Allow UI and CLI to be scoped by group
Opened 5 years ago by dpal. Modified 3 years ago

It should be possible to create loosely isolated environments in IPA so that a member of a specific group can only see a subset of entries in UI and CLI depending on which group he belongs to.

The main use case is multitenant environments like OpenStack.

Consider using new permissions framework for this.

The scope & benefit is very tricky for this one - it sounds dangerously close to http://www.freeipa.org/page/V3/Multitenancy proposal.

To be scoped in 4.3 time frame.

Metadata Update from @dpal:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog

3 years ago

Login to comment on this ticket.