[Freeipa-users] fine-grained access control feedback

[Rob Crittenden]

In v2 we are adding more fine-grained access control per the many 
requests we had in v1. v1 only provided the ability to grant permission 
to write a fixed set of user attributes from group A to group B.

We're looking for feedback on the types of access control that the IPA 
users require in order to create some use-cases and help us design a 
workable GUI for managing access control:

Things like:
- I want to control who can add users
- I want to set the list of attributes for self-service
- I want hosts to be able to manage the certificates of its services

We're particularly interested in the details, such as how you want to 
differentiate user A from user B when determining who can write what.

thanks

rob