the delegation of roles is group based,
root and members of
domains admin group should have the full access permission, other groups are at the beginning only granted to the dashboard, settings (only password change) and about pages.
The only difference between
root and the
domains admin group is about the delegation part, only
root can delegate the roles, we worried about permission escalation if other administrators can grant permission to another group.
Inside the group panel you have two drop down menu like you can see on the screenshots
delegation for sysadmins group
we made a wiki page for those who want to dive inside more
- Install nethserver-cockpit from testing with either samba AD or openldap
- Create a group and delegate roles
- API are pushed to the sudoers file
- Roles are saved in