#6519 Permission: System: Modify IPA Locations does not allow to add server into a location
Closed: wontfix 5 years ago by rcritten. Opened 7 years ago by pspacek.

Most likely it does not allow to modify server weight.


The ACI grants right to update 'description' attribute of ipaLocationObject entry (if bound as member of 'cn=System: Modify IPA Locations'). In fact it does not grant add of a new ipaLocationObject.

There are separate add/remove permissions for the other operations.

Metadata Update from @pspacek:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5

7 years ago

Metadata Update from @mbasti:
- Issue close_status updated to: None
- Issue set to the milestone: FreeIPA 4.5.1 (was: FreeIPA 4.5)

7 years ago

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.7 (was: FreeIPA 4.5.1)

7 years ago

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)

5 years ago

FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone

While I guess confusing this is working as expected. The ACI's allow control over the locations themselves not the servers associated with those locations (which is managed by the server command).

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

5 years ago

Login to comment on this ticket.

Metadata