31.4. Managing IdM privileges in the CLI

Follow this procedure to manage Identity Management (IdM) privileges using the command line (CLI).

Prerequisites

Administrator privileges for managing IdM or the User Administrator role.
An active Kerberos ticket. For details, see Using kinit to log in to IdM manually.
Existing permissions. For details about permissions, see Managing IdM permissions in the CLI.

Procedure

Add privilege entries using the ipa privilege-add command
For example, to add a privilege named managing filesystems with a description:
```
$ ipa privilege-add "managing filesystems" --desc="for filesystems"
```
Assign the required permissions to the privilege group with the privilege-add-permission command
For example, to add the permissions named managing automount and managing ftp services to the managing filesystems privilege:
```
$ ipa privilege-add-permission "managing filesystems" --permissions="managing automount" --permissions="managing ftp services"
```