Hi, when a new user is created, she is assigned to the default "ipausers" group. But she can:
1. see the list of all users, at https://server/ipa/ui/#/e/user/search
2. see all the details of any other users, at https://server/ipa/ui/#/e/user/details/another_user
3. for herself, she sees too many info that maybe nobody needs, such as "Car License", in her own landing page
Is it possible to:
A. prevent normal users to see 1. and 2. above
B. customize to remove items not needed in 3. above
?
I checked, looks like:
A. even though we can configure some Roles, Privileges, Permissions, they are all system admins' elevated permissions. There is no way to remove permission from "ipausers".
B. we can configure to disallow users to modify her "Car License" etc, BUT I found no way to not show that item in her landing page.
I googled but can't find anything on the above. Would you help?
Thanks!
On 1/20/20 2:06 AM, John Louis via FreeIPA-users wrote:
Hi, when a new user is created, she is assigned to the default "ipausers" group. But she can:
see the list of all users, at https://server/ipa/ui/#/e/user/search
see all the details of any other users, at https://server/ipa/ui/#/e/user/details/another_user
Hi,
points 1 and 2 are working as expected by design. Users are POSIX users and expected to be visible. Please see: https://pagure.io/freeipa/issue/7204
flo
- for herself, she sees too many info that maybe nobody needs, such as "Car License", in her own landing page
Is it possible to:
A. prevent normal users to see 1. and 2. above
B. customize to remove items not needed in 3. above
?
I checked, looks like:
A. even though we can configure some Roles, Privileges, Permissions, they are all system admins' elevated permissions. There is no way to remove permission from "ipausers".
B. we can configure to disallow users to modify her "Car License" etc, BUT I found no way to not show that item in her landing page.
I googled but can't find anything on the above. Would you help?
Thanks! _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Florence Blanc-Renaud via FreeIPA-users wrote:
On 1/20/20 2:06 AM, John Louis via FreeIPA-users wrote:
Hi, when a new user is created, she is assigned to the default "ipausers" group. But she can:
see the list of all users, at https://server/ipa/ui/#/e/user/search
see all the details of any other users, at
Hi,
points 1 and 2 are working as expected by design. Users are POSIX users and expected to be visible. Please see: https://pagure.io/freeipa/issue/7204
flo
- for herself, she sees too many info that maybe nobody needs, such
as "Car License", in her own landing page
Is it possible to:
A. prevent normal users to see 1. and 2. above
B. customize to remove items not needed in 3. above
?
I checked, looks like:
A. even though we can configure some Roles, Privileges, Permissions, they are all system admins' elevated permissions. There is no way to remove permission from "ipausers".
B. we can configure to disallow users to modify her "Car License" etc, BUT I found no way to not show that item in her landing page.
I googled but can't find anything on the above. Would you help?
Doing #3 would require changes to the UI itself which would mean changing some javascript if you're up to it.
rob
Hi thanks for your reply. I went to
Identity -> Groups -> ipausers -> Settings
then found this group "ipausers" actually is:
Group Type: Non-POSIX
But when I go to
IPA Server -> Configuration:
and tried to delete that "posixaccount" from "Default user objectclasses", and found I can't "Save" that configuration without getting error.
==>> So is there any way to create non-POSIX account, or at least disallow users to see other user at all?
Thanks.
freeipa-users@lists.fedorahosted.org
-
Florence Blanc-Renaud -
John Louis -
Rob Crittenden