Restrict config access to users
Hey Adam (and all),
I asked about this previously but never heard back.
I'd really like a way to give people the ability to see a device but not see the config tab. We've got rancid integration turned on, and I want to give specific users access to see devices, but they shouldn't be able to see the device configs.
Hopefully it would be easy to do (maybe say users with a level of < X can't see that tab)
Thanks!
*Spencer Ryan* | Senior Systems Administrator | sryan@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com
Spencer,
Userlevel <=7 gets you exactly that, afaik.
Tom
On 07/07/2015 20:58, Spencer Ryan wrote:
Hey Adam (and all),
I asked about this previously but never heard back.
I'd really like a way to give people the ability to see a device but not see the config tab. We've got rancid integration turned on, and I want to give specific users access to see devices, but they shouldn't be able to see the device configs.
Hopefully it would be easy to do (maybe say users with a level of < X can't see that tab)
Thanks!
Spencer Ryan* | Senior Systems Administrator | sryan@arbor.net mailto:sryan@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com http://www.arbornetworks.com/
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Yeah. For stupid historical reasons we have numbers, but in reality they mean :
10 = Admin 7 = Global Read (except things which will give you admin, like things with passwords!) 0 = User (can't see anything except what you allow them to see)
adam.
Sent from Mailbird [http://www.getmailbird.com/?utm_source=Mailbird&utm_medium=email&utm...] On 07/07/2015 20:16:49, Tom Laermans tom.laermans@powersource.cx wrote: Spencer,
Userlevel <=7 gets you exactly that, afaik.
Tom
On 07/07/2015 20:58, Spencer Ryan wrote:
Hey Adam (and all),
I asked about this previously but never heard back.
I'd really like a way to give people the ability to see a device but not see the config tab. We've got rancid integration turned on, and I want to give specific users access to see devices, but they shouldn't be able to see the device configs.
Hopefully it would be easy to do (maybe say users with a level of < X can't see that tab)
Thanks!
Spencer Ryan | Senior Systems Administrator | sryan@arbor.net [mailto:sryan@arbor.net] Arbor Networks +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com [http://www.arbornetworks.com/]
_______________________________________________ observium mailing list observium@observium.org [mailto:observium@observium.org] http://postman.memetic.org/cgi-bin/mailman/listinfo/observium [http://postman.memetic.org/cgi-bin/mailman/listinfo/observium]
Doesn't seem to work for me. I just changed my membership and logged in with /debug/ and saw this:
LDAP[Userlevel][Final level: 7]
So it looks like I'm getting global read only, however the config tab still shows up on the devices and I can click on it and see the configs.
*Spencer Ryan* | Senior Systems Administrator | sryan@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com
On Tue, Jul 7, 2015 at 3:21 PM, Adam Armstrong adama@memetic.org wrote:
Yeah. For stupid historical reasons we have numbers, but in reality they mean :
10 = Admin 7 = Global Read (except things which will give you admin, like things with passwords!) 0 = User (can't see anything except what you allow them to see)
adam.
Sent from Mailbird http://www.getmailbird.com/?utm_source=Mailbird&utm_medium=email&utm_campaign=sent-from-mailbird
On 07/07/2015 20:16:49, Tom Laermans tom.laermans@powersource.cx wrote: Spencer,
Userlevel <=7 gets you exactly that, afaik.
Tom
On 07/07/2015 20:58, Spencer Ryan wrote:
Hey Adam (and all),
I asked about this previously but never heard back.
I'd really like a way to give people the ability to see a device but not see the config tab. We've got rancid integration turned on, and I want to give specific users access to see devices, but they shouldn't be able to see the device configs.
Hopefully it would be easy to do (maybe say users with a level of < X can't see that tab)
Thanks!
- Spencer Ryan* | Senior Systems Administrator | sryan@arbor.net
*Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Yep.. now minimum user level is 8 :)
On Tue, Jul 7, 2015 at 10:24 PM, Spencer Ryan sryan@arbor.net wrote:
Doesn't seem to work for me. I just changed my membership and logged in with /debug/ and saw this:
LDAP[Userlevel][Final level: 7]
So it looks like I'm getting global read only, however the config tab still shows up on the devices and I can click on it and see the configs.
*Spencer Ryan* | Senior Systems Administrator | sryan@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com
On Tue, Jul 7, 2015 at 3:21 PM, Adam Armstrong adama@memetic.org wrote:
Yeah. For stupid historical reasons we have numbers, but in reality they mean :
10 = Admin 7 = Global Read (except things which will give you admin, like things with passwords!) 0 = User (can't see anything except what you allow them to see)
adam.
Sent from Mailbird http://www.getmailbird.com/?utm_source=Mailbird&utm_medium=email&utm_campaign=sent-from-mailbird
On 07/07/2015 20:16:49, Tom Laermans tom.laermans@powersource.cx wrote: Spencer,
Userlevel <=7 gets you exactly that, afaik.
Tom
On 07/07/2015 20:58, Spencer Ryan wrote:
Hey Adam (and all),
I asked about this previously but never heard back.
I'd really like a way to give people the ability to see a device but not see the config tab. We've got rancid integration turned on, and I want to give specific users access to see devices, but they shouldn't be able to see the device configs.
Hopefully it would be easy to do (maybe say users with a level of < X can't see that tab)
Thanks!
- Spencer Ryan* | Senior Systems Administrator | sryan@arbor.net
*Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Mike Stupalov http://observium.org/ http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
participants (4)
-
Adam Armstrong -
Mike Stupalov -
Spencer Ryan -
Tom Laermans