From d2dc1bef0780364f1183a842c4740d1bc24b98bb Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Fri, 1 Jan 2021 20:50:00 -0700
Subject: [PATCH] Add missing service account and privs

---
 ansible/playbooks/vars/ipaprivs.yml | 7 +++++++
 ansible/playbooks/vars/svcusers.yml | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/ansible/playbooks/vars/ipaprivs.yml b/ansible/playbooks/vars/ipaprivs.yml
index a1a49b1..dd17ddd 100644
--- a/ansible/playbooks/vars/ipaprivs.yml
+++ b/ansible/playbooks/vars/ipaprivs.yml
@@ -26,3 +26,10 @@ iparoles:
  - "Netgroups Administrators"
  user:
  - hostman
+ - role: IPA User Managers
+ description: Rocky IPA User Managers responsible for idm flow
+ privileges:
+ - "Group Administrators"
+ - "Stage User Administrators"
+ - "User Administrators"
+ - "FAS Agreement Administrators"
diff --git a/ansible/playbooks/vars/svcusers.yml b/ansible/playbooks/vars/svcusers.yml
index 1399637..7387e92 100644
--- a/ansible/playbooks/vars/svcusers.yml
+++ b/ansible/playbooks/vars/svcusers.yml
@@ -14,6 +14,13 @@ svcusers:
  password: ThisIsNotMyPassword1!
  title: System Account - Kerberos Key Manager
  loginshell: /sbin/nologin
+ - name: userman
+ first: User
+ last: Manager
+ email: infrastructure@rockylinux.org
+ password: ThisIsNotMyPassword1!
+ title: System Account - User Manager
+ loginshell: /sbin/nologin
  - name: rockykoji
  first: Koji
  last: Manager
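Review bot: The new `IPA User Managers` role in ipaprivs.yml has no member list, whereas the role just above it in the context lines binds `hostman` through a `user:` key, so nothing in this hunk attaches the `userman` account added in svcusers.yml to these four privileges. If the binding belongs here, add `user:` followed by `- userman` under the role, at the same level as `privileges:`; if it is done elsewhere, a comment saying where would help. The role bundles Group, Stage User and User Administrators together, so a one-line comment above it stating which step of the idm flow needs each privilege would make a later least-privilege review easier. The `iparoles` list starts outside the hunk, so how the consuming task handles membership could not be checked.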
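Review bot: The added `userman` entry in svcusers.yml carries a literal `password: ThisIsNotMyPassword1!`, the same string as the account in the context lines above it, so if the playbook runs without an override a user-management service account is created with a password that is public in the repository. `loginshell: /sbin/nologin` only prevents an interactive shell; as far as I can tell it does not stop the account from authenticating to the directory with that password. Reference a secret kept outside the repository instead, for example `password: "{{ vault_userman_password }}"` (variable name constructed for illustration), and fail the play when it is undefined. The `svcusers` list begins outside the hunk, so whether the consuming task overrides or rotates this value is not visible here.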