Bug 1254637

Summary: Add ACI and permission for managing user userCertificate attribute
Product: Red Hat Enterprise Linux 7 Reporter: Petr Vobornik <pvoborni>
Component: ipa Assignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.2 CC: ksiddiqu, mkosek, rcritten
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.2.0-5.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-19 12:05:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
console output with verification steps none

Description Petr Vobornik 2015-08-18 14:32:40 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/5177

"certificate issuer" roles will need write access to users'
userCertificate attribute, so it should be possible to assign
this permission to a role.  Currently there is only a "Modify Users"
permission that allows all attributes to be written.

Note that a similar permission already exists for hosts:
"System: Manage Host Certificates"

Comment 1 Petr Vobornik 2015-08-18 14:43:03 UTC
fixed upstream


master:
    6b978d74ae36f377c2d4f2cae860ca79b102e3c0 add permission: System: Manage User Certificates 

ipa-4-2:
    7a509980d24b2bd445633026e64db48bb4203ba0 add permission: System: Manage User Certificates

Comment 3 Kaleem 2015-10-12 16:01:41 UTC
Verified.

IPA Version:
============
[root@dhcp207-115 ~]# rpm -q ipa-server
ipa-server-4.2.0-13.el7.x86_64
[root@dhcp207-115 ~]# 

Please find the attached file for detailed steps of verification.

Comment 4 Kaleem 2015-10-12 16:02:10 UTC
Created attachment 1082052
console output with verification steps

Comment 5 errata-xmlrpc 2015-11-19 12:05:38 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2362.html