31.4. Adding HBAC Service Groups
HBAC service groups can simplify HBAC rules management: instead of adding individual services to an HBAC rule, you can add a whole service group.
To add an HBAC service group, you can use:
- the IdM web UI (see the section called “Web UI: Adding an HBAC Service Group”)
- the command line (see the section called “Command Line: Adding an HBAC Service Group”)
Web UI: Adding an HBAC Service Group
- Select
. - Click to add an HBAC service group.
- Enter a name for the service group, and click .
- On the service group configuration page, click to add an HBAC service as a member of the group.
Figure 31.7. Adding HBAC Services to an HBAC Service Group
Command Line: Adding an HBAC Service Group
- Use the ipa hbacsvcgroup-add command to add an HBAC service group. For example, to add a group named
login:$ ipa hbacsvcgroup-add Service group name:
login-------------------------------- Added HBAC service group "login" -------------------------------- Service group name: login - Use the ipa hbacsvcgroup-add-member command to add an HBAC service as a member of the group. For example, to add the
sshdservice to thelogingroup:$ ipa hbacsvcgroup-add-member Service group name:
login[member HBAC service]:sshdService group name: login Member HBAC service: sshd ------------------------- Number of members added 1 -------------------------
