Bug 1272214
Summary: | [RFE] Create a local per system report about who can access that IDM client (attestation) | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Jakub Hrozek <jhrozek> |
Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> |
Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | CC: | atolani, cobrown, dpal, dsirrine, enewland, fcami, fidencio, grajaiya, jfenal, jgalipea, jhrozek, lslebodn, maygupta, mkosek, mzidek, pbrezina, sgoveas |
Target Milestone: | rc | Keywords: | FutureFeature |
Target Release: | --- | Flags: | dsirrine:
needinfo+
|
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | sssd-1.16.0-7.el7 | Doc Type: | Enhancement |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-04-10 17:09:10 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1467835 |
Description
Jakub Hrozek
2015-10-15 19:09:17 UTC
I agree this is a nice RFE, but I also think we should implement the critical enhancements first. Hello Team, Do we have any update on this RFE ? Regards Mayur Gupta (In reply to Mayur from comment #6) > Hello Team, > > Do we have any update on this RFE ? > > Regards > > Mayur Gupta Not at this point, it's still a stretch goal for 7.4 Note that the topic of IdM attestation report was split to 3 RFEs: * Bug 1272214: [RFE] Create a local per system report about who can access that system (attestation) (included SSSD) * Bug 1491802 - [RFE] Central report who can ran which sudo commands on which systems (attestation) (included in IdM Server) * Bug 1492993 - [RFE] Central report that will show who can access which systems (attestation) (included in IdM Server) Proposed user story for this client part: As an owner of a system I need to know which users have access to a host. I want to run something on the host and get a report who can access it via which means and services. (In reply to Martin Kosek from comment #22) > Proposed user story for this client part: > > As an owner of a system I need to know which users have access to a host. I > want to run something on the host and get a report who can access it via > which means and services. At the same time, I think it makes much more sense to concentrate on the server-side report at least for 7.5 (if we can still make it..), I think the client-side report has much less value in a centralized environment. The correct hashes are ... - master: * be804178d5e5fee64be2b080e73f4ce7b0074f76 * c6cf752337f5977ce3753b7113dc1a2342c86319 * 2754a8dcfa937d45b024a2e57419248bfd4c4919 * e737cdfa225e0d455c0e574bcb82c2cc16a17d9d * 6211a202301e6f61d46cdb2bf0be332a70c7fdea * 3ee8659bc6a77a78bc6c61b9650a36bd18ea95c8 Verified against sssd-1.16.0-11.el7.x86_64. [root@vm-idm-013 db]# sssctl access-report Missing option: Specify domain name. Usage: sssctl access-report DOMAIN [OPTIONS...] Command options: Help options: -?, --help Show this help message --usage Display brief usage message [root@vm-idm-013 db]# sssctl access-report testrelm.test 1 rules cached Rule name: allow_all User category: all Service category: all (In reply to Dan Lavu from comment #38) > Verified against sssd-1.16.0-11.el7.x86_64. > > > [root@vm-idm-013 db]# sssctl access-report > Missing option: Specify domain name. > > Usage: sssctl access-report DOMAIN [OPTIONS...] > > Command options: > > Help options: > -?, --help Show this help message > --usage Display brief usage message > > [root@vm-idm-013 db]# sssctl access-report testrelm.test > 1 rules cached > > Rule name: allow_all > User category: all > Service category: all I hope there will be more cases covered in integration test :-) Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:0929 |