On 08/13/2009 12:33 PM, Paul Company wrote:
> > You can't prevent new systems, but ...
>
> I don't understand this statement.

You cannot currently prevent authenticated users from creating new
system records.

> I want everyone who passes the authentication phase to edit systems.

This is the way it presently works.

> I just want to lock everyone, but admins, out of distros, profiles,
> and repos.

Yes, this is easy, just assign admin ownership to them and do not list
other users in the ownership fields for those things.

> I still don't know if that's possible.

It is.

> I feel like I'm communicating clearly what I want to do.
> Here is what I want to do:
> Allow users listed in user.conf [admins] section to do everything, but
> for everyone else:
> allow
>     list on distros, profiles, repos, kickstarts
>     (list/copy/modify/new/remove/save) on systems
> deny
>     everything else (copy/modify/new/remove/save) on distros,
>     profiles, repos, kickstarts
> Can this be done?
> Yes or No

Yes.

> If yes, how do you do it?

Assign ownership of the distro/profile/repo objects to your admin group
only.
Let other people create systems and the ownership of those system
records will go to them.
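
The ownership assignment described in the reply above, sketched as an added example that is not part of the original message or of Cobbler itself. It assumes ownership-based authorization (the `authz_ownership` module) is enabled, that `admins` is the group from the `[admins]` section, and that `cobbler <type> list` prints one object name per line; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: generate (not run) the commands that hand every distro,
# profile and repo to the admin group only. Systems are left alone on
# purpose, so their ownership stays with the users who create them.
OWNER_GROUP="${OWNER_GROUP:-admins}"   # assumed group name from [admins]

# Read object names on stdin (leading whitespace allowed) and print one
# "cobbler <type> edit" command per object.
emit_owner_cmds() {
    obj_type="$1"
    case "$obj_type" in
        distro|profile|repo) ;;
        *)  echo "refusing to lock object type: $obj_type" >&2
            return 1 ;;
    esac
    while IFS= read -r line; do
        name=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$name" ] || continue
        # Skip names that would need shell quoting instead of guessing.
        case "$name" in
            *[!A-Za-z0-9._-]*)
                echo "skipping unexpected name: $name" >&2
                continue ;;
        esac
        printf 'cobbler %s edit --name=%s --owners=%s\n' \
            "$obj_type" "$name" "$OWNER_GROUP"
    done
}

# Walk the three object types that should be admin-only.
lock_all() {
    for t in distro profile repo; do
        cobbler "$t" list | emit_owner_cmds "$t"
    done
}
```

Review the output of `lock_all` before piping it to `sh`; objects created later need the same `--owners` value, since only existing objects are covered.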