freeipa / freeipa.ansible_freeipa / 1.8.4 / module / ipapermission Manage FreeIPA permission Authors: unknown preview | supported by communityfreeipa.ansible_freeipa.ipapermission (1.8.4) — module
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.8.4
collections: - name: freeipa.ansible_freeipa version: 1.8.4
Manage FreeIPA permission and permission members
# Ensure permission NAME is present - freeipa.ansible_freeipa.ipapermission: name: manage-my-hostgroup right: all bindtype: permission object_type: host
# Ensure permission NAME is absent - freeipa.ansible_freeipa.ipapermission: name: "Removed Permission Name" state: absent
name: aliases: - cn description: The permission name string. required: true attrs: description: All attributes to which the permission applies required: false type: list right: aliases: - ipapermright choices: - read - search - compare - write - add - delete - all description: Rights to grant required: false type: list state: choices: - present - absent - renamed default: present description: The state to ensure. required: true action: choices: - permission - member default: permission description: Work on permission or member privilege level. required: false filter: aliases: - extratargetfilter description: Extra target filter required: false type: list rename: aliases: - new_name description: Rename the permission object required: false target: aliases: - ipapermtarget description: Optional DN to apply the permission to required: false subtree: aliases: - ipapermlocation description: Subtree to apply permissions to required: false bindtype: aliases: - ipapermbindruletype choices: - permission - all - anonymous description: Bind rule type required: false memberof: description: Target members of a group (sets memberOf targetfilter) required: false type: list targetto: aliases: - ipapermtargetto description: Optional DN subtree where an entry can be moved to required: false rawfilter: aliases: - ipapermtargetfilter description: All target filters required: false type: list no_members: description: Suppress processing of membership required: false type: bool targetfrom: aliases: - ipapermtargetfrom description: Optional DN subtree from where an entry can be moved required: false object_type: aliases: - type description: Type of IPA object (sets subtree and objectClass targetfilter) required: false targetgroup: aliases: - targetgroup description: User group to apply permissions to (sets target) required: false ipaapi_context: choices: - server - client description: 'The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. ' required: false ipaadmin_password: description: The admin password. required: false ipaapi_ldap_cache: default: true description: Use LDAP cache for IPA connection. type: bool ipaadmin_principal: default: admin description: The admin principal.