#8114 [RFE] Delegate group membership management
Closed: fixed 4 years ago by abbra. Opened 4 years ago by cheimes.

Request for enhancement

As a site administrator, I want to allow specific users to manage group membership so that they can add members to or remove members from a group.

Implementation details

  • Group membership managers are users or groups of users/services.
  • Group membership managers are stored in a new attribute memberManager in the object classes ipaUserGroup and ipaHostGroup.
  • Group membership managers have write permission to the member attribute of groups to add/remove members.
  • New group membership managers are added by the ipa group-add-member-manager command and removed by ipa group-remove-member-manager. Only principals with the System: Modify Groups permission can add/remove membership managers. Equivalent commands are provided for host groups.

Metadata Update from @cheimes:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/3863
- Issue assigned to cheimes
- Issue tagged with: rfe

4 years ago

master:

  • f0a1f08 Add group membership management
  • 0f4c41a Add tests for member management

ipa-4-8:

  • 3d54897 Add group membership management
  • fd10eaa Add tests for member management

Metadata Update from @abbra:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

4 years ago

Metadata Update from @abbra:
- Custom field changelog adjusted to It is now possible to associate group managers with the groups. Group managers have rights to add and remove members of the individual group rather than being administrators for every group.
- Issue set to the milestone: None (was: FreeIPA 4.8.2)

3 years ago
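For auditing the delegation described in the implementation details, the following added example (not part of this ticket or of FreeIPA's code) resolves which principals end up able to edit a group's member attribute through memberManager. The LDIF and all DNs are constructed; treating any DN that is not a group in the export as a user or service, and following nested groups listed as managers, are assumptions of this sketch.

```python
from collections import defaultdict

# Constructed sample export (unfolded LDIF); DNs are made up for illustration.
SAMPLE_LDIF = """\
dn: cn=webadmins,cn=groups,cn=accounts,dc=example,dc=test
objectClass: ipaUserGroup
member: uid=carol,cn=users,cn=accounts,dc=example,dc=test
memberManager: uid=alice,cn=users,cn=accounts,dc=example,dc=test
memberManager: cn=teamleads,cn=groups,cn=accounts,dc=example,dc=test

dn: cn=teamleads,cn=groups,cn=accounts,dc=example,dc=test
objectClass: ipaUserGroup
member: uid=bob,cn=users,cn=accounts,dc=example,dc=test
member: cn=seniors,cn=groups,cn=accounts,dc=example,dc=test

dn: cn=seniors,cn=groups,cn=accounts,dc=example,dc=test
objectClass: ipaUserGroup
member: uid=dave,cn=users,cn=accounts,dc=example,dc=test
member: cn=teamleads,cn=groups,cn=accounts,dc=example,dc=test
"""

def parse_ldif(text):
    """Parse simple unfolded LDIF into {dn: {attr_lowercase: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs[name.lower()].append(value.lower())
        entries[attrs["dn"][0]] = attrs
    return entries

def expand(entries, dn, seen):
    """Resolve a DN to principals; nested groups are followed (assumption)."""
    dn = dn.lower()
    if dn not in entries:   # assumption: not a group in the export => user/service
        return {dn}
    if dn in seen:          # group already visited: stop membership cycles
        return set()
    seen.add(dn)
    return set().union(*(expand(entries, m, seen) for m in entries[dn]["member"]))

def effective_managers(entries, group_dn):
    """Principals able to change `member` of group_dn via memberManager."""
    mgrs = entries[group_dn.lower()]["membermanager"]
    return set().union(*(expand(entries, m, set()) for m in mgrs))

def uids(dns):
    return sorted(d.split(",")[0].split("=")[1] for d in dns)
```

Ordinary members such as carol are not reported, since membership alone does not grant manager rights; a group without memberManager values yields an empty set.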
