Unable to implement a Role Based Access Control (RBAC) or Host Based Access Control (HBAC) policy with in Red Hat's Identity Management (IdM) or IPA Server that meets the following criteria.
- There are two groups of users created in IdM: AppManager & AppDeploy
- Alternatively, the AppManager or AppDeploy could be an individual user or multiple individual users, not requiring the use of a specific group.
- The users of each group are different (no users are able to be a part of one group if they are a part of the other).
- When it's time for an app to be upgraded or patched, or system/app maintenance to occur, AppManager can allow the AppDeploy group the access required to deploy/upgrade the app.
- What is not wanted is for the AppManager members to have complete control over any user and/or complete control over all sudo, RBAC Roles, or HBAC Roles as that could circumvent our security controls.
Red Hat Identity Management (IdM) Server installed on:
- Red Hat Enterprise Linux (RHEL) 7
- Red Hat Enterprise Linux (RHEL) 8
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.