Great! Thanks for your help. I appreciate it.
Oliver Northam
Lead Technical
[image: Si digital] <
http://sidigital.co/>
Website: sidigital.co | *DDI*: 02393 190 262 | *Office: *02393 190 260
Twitter: @sidgtl <
https://twitter.com/sidgtl> | Facebook: /sidgtl
<
https://facebook.com/sidgtl>
Si digital is the trading name of Something Interesting Limited, registered
in England and Wales. Our registered number is 04270457
The information in this email should be considered confidential unless
otherwise stated.
On 9 February 2018 at 15:17, Rob Crittenden <rcritten(a)redhat.com> wrote:
Oliver Northam wrote:
> Hi Rob,
>
> Thanks!
>
> I see that I have the ability to delete those internal groups. If I
> remove one (editor for example) and recreate it with the same name, will
> it retain the same edit permissions?
I believe admins is the only special group and IIRC it prevents itself
from being deleted.
Pretty much deleting any entry will result in permissions will be dropped.
editors have no special permissions by default though. It is mostly a
legacy group from the original UI though it is used by AD trust to
ensure that the SID generation was successful.
rob
>
> Thanks
>
> On 9 Feb 2018 1:47 pm, "Rob Crittenden" <rcritten(a)redhat.com
> <mailto:rcritten@redhat.com>> wrote:
>
> Oliver Northam via FreeIPA-users wrote:
> > Hello!
> >
> > I'd love to use FreeIPA for all of our auth needs (wifi, samba,
> backups
> > etc) but I'm a little lost on the configuration of the default
> groups.
> >
> > I have my admin user in the 'admins' group and my test user in the
> > 'ipausers' group, but I can't see any permissions or roles or
policies
> > that define permissions in those groups. Logged in as the admin
> user, I
> > can change all settings but as my test user, I cannot change
anything.
> >
> > I also see 'editors' but can't see exactly what permissions
this
> group has.
> >
> > Am I missing something or somewhere where I can change these
> permissions?
>
> admins is treated as a special case and doesn't have explicit roles.
>
> To add permissions for other users/groups add them to a role. A role
has
> certain privileges and privileges have permissions (atomic rights).
>
> rob
>