Show Table of Contents
31.4. Adding HBAC Service Groups
HBAC service groups can simplify HBAC rules management: instead of adding individual services to an HBAC rule, you can add a whole service group.
To add an HBAC service group, you can use:
- the IdM web UI (see the section called “Web UI: Adding an HBAC Service Group”)
- the command line (see the section called “Command Line: Adding an HBAC Service Group”)
Web UI: Adding an HBAC Service Group
- Select → → .
- Click to add an HBAC service group.
- Enter a name for the service group, and click .
- On the service group configuration page, click to add an HBAC service as a member of the group.
Figure 31.7. Adding HBAC Services to an HBAC Service Group
Command Line: Adding an HBAC Service Group
- Use the
ipa hbacsvcgroup-addcommand to add an HBAC service group. For example, to add a group namedlogin:$ ipa hbacsvcgroup-addService group name:login-------------------------------- Added HBAC service group "login" -------------------------------- Service group name: login - Use the
ipa hbacsvcgroup-add-membercommand to add an HBAC service as a member of the group. For example, to add thesshdservice to thelogingroup:$ ipa hbacsvcgroup-add-memberService group name:login[member HBAC service]:sshdService group name: login Member HBAC service: sshd ------------------------- Number of members added 1 -------------------------