Hi,
On Wed, Dec 7, 2022 at 10:10 PM Martin Gignac via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
Hi,
I've recently gone from an old version of IDM on CentOS 7 to FreeIPA
4.10.1 on Fedora 37. One difference I noticed on FreeIPA is the additional
of the 'member managers' attribute for groups. I initially thought that
adding a user to the 'member managers' attribute of a given group would
allow this user to manage membership for that group in the FreeIPA web GUI,
but when an unprivileged accesses the GUI, all they see are the 'Users' and
'OTP Tokens' tabs. This section of the documentation (
https://freeipa.readthedocs.io/en/latest/designs/membermanager.html)
gives an example of how to do it with the ipa CLI, but I didn't see any
reference to performing the same operation with the GUI.
Is there a way for unprivileged users to use the 'member managers'
functionality in the GUI, or is the feature currently limited to the CLI
and API?
The GUI has 2 different profiles: either "administration" or
"self-service"
(see
https://www.freeipa.org/page/Web_UI).
The self-service profile only displays a subset of information /
operations, while the administration profile allows wider access.
When logging in to the WebUI, the user is directed to the administration
profile if he is a member of the "admins" group or has any role (it even
works if you create an empty role with no permission and add the user to
this empty role).
In your case, I guess that the user doesn't have any role and that explains
why he can't see the administration profile.
Hope this clarifies,
flo
Thanks,
-Martin
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue