On ti, 11 joulu 2018, cdknight via FreeIPA-users wrote:
Thanks for the responses. Therefore, I will instead have to restrict access to the Web UI either by creating an HBAC rule (this is my understanding of what to do), and instead allowing them access a secondary self-service UI like https://github.com/ubccr/mokey. While this secondary software may not be the most stable, it will have to do (as long as basic functions work) until FreeIPA implements their own solution.
There is currently no plan to allow self-service view to be completely isolated. As explained, it is not practical and not possible in a typical FreeIPA deployment as the same information is accessible by other, user-authenticated, means.
Adding an HBAC rule will not help since access to Web UI is not controlled with HBAC.