Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

10.2. Defining Self-Service Settings

Self-service access control rules define the operations that an entity can perform on itself. These rules define only what attributes a user (or other IdM entity) can edit on their personal entries.

10.2.1. Creating Self-Service Rules from the Web UI
Copia collegamento

  1. On the IPA Server tab in the top menu, select the Role-Based Access Control Self Service Permissions subtab.
  2. Click Add at the top of the list of the self-service access control instructions.

    Figure 10.1. Adding a Current Self-Service Rule

    Adding a Current Self-Service Rule
    View larger image
    Adding a Current Self-Service Rule
  3. Enter the name of the rule in the pop-up window. Spaces are allowed.

    Figure 10.2. Form for Adding a Self-Service Rule

    Form for Adding a Self-Service Rule
    View larger image
    Form for Adding a Self-Service Rule
  4. Select the check boxes by the attributes which this ACI will permit users to edit.
  5. Click the Add button to save the new self-service ACI.

10.2.2. Creating Self-Service Rules from the Command Line
Copia collegamento

A new self-service rule can be added using the selfservice-add command. These two options are required:
  • --permissions to set which permissions – such as write, add, or delete – the ACI grants
  • --attrs to give the full list of attributes which this ACI grants permission to. 
[jsmith@server ~]$ ipa selfservice-add "Users can manage their own name details" --permissions=write --attrs=givenname --attrs=displayname --attrs=title --attrs=initials
-----------------------------------------------------------
Added selfservice "Users can manage their own name details"
-----------------------------------------------------------
    Self-service name: Users can manage their own name details
    Permissions: write
    Attributes: givenname, displayname, title, initials
Copy to Clipboard Toggle word wrap

10.2.3. Editing Self-Service Rules
Copia collegamento

In the self-service entry in the web UI, the only element that can be edited is the list of attributes that are included in the ACI. The check boxes can be selected or deselected.

Figure 10.3. Self-Service Edit Page

Self-Service Edit Page
View larger image
Self-Service Edit Page
With the command line, self-service rules are edited using the ipa selfservice-mod command. The --attrs option overwrites whatever the previous list of supported attributes was, so always include the complete list of attributes along with any new attributes. 
[jsmith@server ~]$ ipa selfservice-mod "Users can manage their own name details" --attrs=givenname --attrs=displayname --attrs=title --attrs=initials --attrs=surname
--------------------------------------------------------------
Modified selfservice "Users can manage their own name details"
--------------------------------------------------------------
Self-service name: Users can manage their own name details
Permissions: write
Attributes: givenname, displayname, title, initials
Copy to Clipboard Toggle word wrap
Important
Include all of the attributes when modifying a self-service rule, including existing ones.
Torna in cima
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2025 Red Hat