"certificate issuer" roles will need write access to users'
userCertificate attribute, so it should be possible to assign
this permission to a role. Currently there is only a "Modify Users"
permission that allows all attributes to be written.
Note that a similar permission already exists for hosts:
"System: Manage Host Certificates"
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1254637
Metadata Update from @ftweedal:
- Issue assigned to pvoborni
- Issue set to the milestone: FreeIPA 4.2.1
to comment on this ticket.