Split the hosts into 2 groups, regular and special_access. Put regular operators into a
non-posix group, regular_operators, and make a different group, special_operators, for
those people.
Disable the allow_all rule. Create a regular access rule with regular hosts and regular
users. Create a special access rule for special hosts and users.
If special access users can also use regular hosts, add that group to the regular rule as
well.
On April 19, 2022 4:20:42 AM EDT, iulian roman via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Hello Everybody,
I would like to ask if it is possible to deny access to a specific
server group for a group of users who have access to all servers by
default.
Example: operators group have access to all servers , but I would like
to deny access for them for a specific subset of servers which are
highly secure.
Is that possible and if yes , how can it be configured ?
Thank You,
i roman
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to
freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
--
Computers amplify human error
Super computers are really cool