Hi, Are user levels implemented yet ? I know we can assign a level to a specific user when creating it, but is there a way to assign different rights to levels ?
I see *_perms tables in DB, how should they be populated ?
Regards, Benjamin Abadie
On 2013-08-13 16:26, Benjamin Abadie wrote:
Hi, Are user levels implemented yet ? I know we can assign a level to a specific user when creating it, but is there a way to assign different rights to levels ?
I see *_perms tables in DB, how should they be populated ?
You can give a non global user access to individual ports and devices. It's in the edit user menu.
adam.
On 08/13/2013 06:29 PM, Adam Armstrong wrote:
On 2013-08-13 16:26, Benjamin Abadie wrote:
Hi, Are user levels implemented yet ? I know we can assign a level to a specific user when creating it, but is there a way to assign different rights to levels ?
I see *_perms tables in DB, how should they be populated ?
You can give a non global user access to individual ports and devices. It's in the edit user menu.
For information, this doesn't work with LDAP auth. When you grant some user access to a device, everyone get this very same access. Here what's in database :
mysql> select * from devices_perms; +---------+-----------+--------------+ | user_id | device_id | access_level | +---------+-----------+--------------+ | 0 | 11 | 0 | +---------+-----------+--------------+ 1 row in set (0.00 sec)
Well, since only my primary admin user is in the table users and it has ID 1, it makes sense.
Also, how is all of that related to user levels ?
Lastly, a little suggestion : a hybrid (LDAP + local) auth system could be cool. And/or a fallback-to-local system if the LDAP/Radius/whatever fails to respond.
Benjamin
Hmm. User ID should be filled with the LDAP module, allowing this to work. Worked for me with regular LDAP, certainly works for me with AD LDAP.
Do you have a nonstandard schema setup? Did you configure the LDAP properties correctly?
User levels are 1: simple user 5: ? 7: ? 10: admin
Tom
On 14/08/2013 10:56, Benjamin Abadie wrote:
On 08/13/2013 06:29 PM, Adam Armstrong wrote:
On 2013-08-13 16:26, Benjamin Abadie wrote:
Hi, Are user levels implemented yet ? I know we can assign a level to a specific user when creating it, but is there a way to assign different rights to levels ?
I see *_perms tables in DB, how should they be populated ?
You can give a non global user access to individual ports and devices. It's in the edit user menu.
For information, this doesn't work with LDAP auth. When you grant some user access to a device, everyone get this very same access. Here what's in database :
mysql> select * from devices_perms; +---------+-----------+--------------+ | user_id | device_id | access_level | +---------+-----------+--------------+ | 0 | 11 | 0 | +---------+-----------+--------------+ 1 row in set (0.00 sec)
Well, since only my primary admin user is in the table users and it has ID 1, it makes sense.
Also, how is all of that related to user levels ?
Lastly, a little suggestion : a hybrid (LDAP + local) auth system could be cool. And/or a fallback-to-local system if the LDAP/Radius/whatever fails to respond.
Benjamin _______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
participants (3)
-
Adam Armstrong -
Benjamin Abadie -
Tom Laermans