I have been trying to create accounts in FreeIPA that have the same level of permission as the built-in administrator account. Basically, I want to do the equivalent of what you can do in Active Directory by adding someone to the Domain Administrators group.
We need this because it is not an acceptable security model in our enterprise to share the built-in admin password between many administrators. What is the proper way to do this? I notice that the built-in roles are DNS Administrator, IT Security Specialist, IT Specialist, Security Architect, User Administrator, and helpdesk. If I give a user all 6 of these roles will they have the equivalent level of permissions as the admin user or are there things they still won't be able to do ? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
