[racktables-users] Re: Permission

> I want a policy like this:
> 
> user 10000 ${allow 10000}

I'm afraid this syntax isn't implemented yet... ;)

> to only see tagged as "foobar" and have only "read" access, no write at
> all, is that possible?

The following would do the trick:

1. Only permit viewing pages with any stuff (objects, networks, etc)
tagged "foobar" on them.

allow {$userid_10000} and {foobar} and {$tab_default}
deny {$userid_10000}

2. Allow viewing everything in the system, but limit the scope of
objects shown to "foobar".

allow {$userid_10000} and {$page_object} and {$tab_default} and {foobar}
deny {$userid_10000} and {$page_object}
allow {$userid_10000} and {$tab_default}

3. Allow only viewing and only "foobar" objects, but add the object
summary view for convenience.

allow {$userid_10000} and {$tab_default} and
(
 ({$page_object} and {foobar}) or
 {$page_objects}
)
deny {$userid_10000}

I hope it helps.

-- 
    Denis Ovsienko
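
Added example, not part of the original post and not RackTables code: a small Python model for checking rule sets 2 and 3 above against sample requests before deploying them. It assumes rules are tried top to bottom, the first matching rule decides, and a request matching no rule is denied; a request is modelled as a set of tag names.

```python
import re

# Simplified model, not RackTables code. Assumption: rules are tried top to
# bottom, the first matching rule decides, and no match at all means deny.
def parse(tokens):
    # expr := term (('and' | 'or') term)*, grouped left to right
    node = term(tokens)
    while tokens and tokens[0] in ("and", "or"):
        node = (tokens.pop(0), node, term(tokens))
    return node

def term(tokens):
    tok = tokens.pop(0)
    if tok == "(":
        node = parse(tokens)
        tokens.pop(0)  # drop the closing ")"
        return node
    return ("tag", tok.strip("{}"))

def holds(node, ctx):
    if node[0] == "tag":
        return node[1] in ctx
    left, right = holds(node[1], ctx), holds(node[2], ctx)
    return (left and right) if node[0] == "and" else (left or right)

def compile_policy(text):
    tokens = re.findall(r"\{[^}]+\}|[()]|\w+", text)
    rules = []
    while tokens:
        verdict = tokens.pop(0)  # "allow" or "deny"
        rules.append((verdict, parse(tokens)))
    return rules

def decide(rules, ctx):
    for verdict, expr in rules:
        if holds(expr, ctx):
            return verdict
    return "deny"

POLICY_2 = compile_policy("""
allow {$userid_10000} and {$page_object} and {$tab_default} and {foobar}
deny {$userid_10000} and {$page_object}
allow {$userid_10000} and {$tab_default}
""")
POLICY_3 = compile_policy("""
allow {$userid_10000} and {$tab_default} and
( ({$page_object} and {foobar}) or {$page_objects} )
deny {$userid_10000}
""")
```

For instance, decide(POLICY_2, {"$userid_10000", "$page_object", "$tab_default"}) returns "deny": the object lacks the foobar tag, so the second rule matches before the broader third one is reached.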
