On Tue, 2018-05-29 at 08:03 -0400, Stephen Gallagher wrote:
We do need to add HBAC rules to the criteria as well (and I thought we did have at least minimal testing for this),
We do, but it probably doesn't hit this. Note the role requirements include "The FreeIPA configuration web UI must be available and allow at least basic configuration of user accounts and permissions", I've been kinda interpreting 'permissions' there to include HBAC.