Show Table of Contents
31.4. Adding HBAC Service Groups
HBAC service groups can simplify HBAC rules management: instead of adding individual services to an HBAC rule, you can add a whole service group.
To add an HBAC service group, you can use:
- the IdM web UI (see the section called “Web UI: Adding an HBAC Service Group”)
- the command line (see the section called “Command Line: Adding an HBAC Service Group”)
Web UI: Adding an HBAC Service Group
- Select → → .
- Click to add an HBAC service group.
- Enter a name for the service group, and click .
- On the service group configuration page, click to add an HBAC service as a member of the group.
Figure 31.7. Adding HBAC Services to an HBAC Service Group
Command Line: Adding an HBAC Service Group
- Use the
ipa hbacsvcgroup-addcommand to add an HBAC service group. For example, to add a group namedlogin:$ ipa hbacsvcgroup-addService group name:login-------------------------------- Added HBAC service group "login" -------------------------------- Service group name: login - Use the
ipa hbacsvcgroup-add-membercommand to add an HBAC service as a member of the group. For example, to add thesshdservice to thelogingroup:$ ipa hbacsvcgroup-add-memberService group name:login[member HBAC service]:sshdService group name: login Member HBAC service: sshd ------------------------- Number of members added 1 -------------------------
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.