Disable default permissions that would break our privacy policy

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
author: Patrick Uiterwijk <puiterwijk@redhat.com> 2017-01-03 10:54:17 +0000
committer: Patrick Uiterwijk <puiterwijk@redhat.com> 2017-01-03 10:54:17 +0000
commit: 0d3d6838a23e2dc9111eb95b4b87e6abed568816 (patch)
tree: 886edefd0771244732de97b0a957a49c69ee63bf /roles/ipa/server/files
parent: dd5d253afea333b31a02ef4ba4a005fcc7dfaf99 (diff)
download: ansible-0d3d6838a23e2dc9111eb95b4b87e6abed568816.tar.gz
ansible-0d3d6838a23e2dc9111eb95b4b87e6abed568816.tar.xz
ansible-0d3d6838a23e2dc9111eb95b4b87e6abed568816.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/roles/ipa/server/files/configure-ipa.sh b/roles/ipa/server/files/configure-ipa.sh
index 33515910e..0b62940a9 100644
--- a/roles/ipa/server/files/configure-ipa.sh
+++ b/roles/ipa/server/files/configure-ipa.sh
@@ -15,3 +15,8 @@ do
     echo "Removing $line"
     ipa selfservice-del "$line"
 done
+
+# Disable default permissions so we don't break our privacy policy
+ipa permission-mod "System: Read User Addressbook Attributes" --bindtype=permission
+
+# TODO: Add custom permissions to grant specific access to user attributes
author	Patrick Uiterwijk <puiterwijk@redhat.com>	2017-01-03 10:54:17 +0000
committer	Patrick Uiterwijk <puiterwijk@redhat.com>	2017-01-03 10:54:17 +0000
commit	0d3d6838a23e2dc9111eb95b4b87e6abed568816 (patch)
tree	886edefd0771244732de97b0a957a49c69ee63bf /roles/ipa/server/files
parent	dd5d253afea333b31a02ef4ba4a005fcc7dfaf99 (diff)
download	ansible-0d3d6838a23e2dc9111eb95b4b87e6abed568816.tar.gz ansible-0d3d6838a23e2dc9111eb95b4b87e6abed568816.tar.xz ansible-0d3d6838a23e2dc9111eb95b4b87e6abed568816.zip