[racktables-users] Re: Complex permissions question, help requested

  • From: "Sears, Paul" <psears@xxxxxxxxxxxxxxx>
  • To: Alexey Andriyanov <alan@xxxxxxxxxx>, "racktables-users@xxxxxxxxxxxxx" <racktables-users@xxxxxxxxxxxxx>
  • Date: Fri, 10 Aug 2012 14:47:51 +0000

Alexey,

Thanks.  I have a better understanding now and this is what I came up with.  
The only issue is that I can't seem to figure out how to allow a vendor to 
display their entire row or rows (page=row&id=x) as it doesn't seem that there 
is a way to apply a tag to a row.


# Admin access
allow {$userid_1} 
allow {IOurAdmins}

# Vendor Access Permissions
# Restrict specific pages and tabs

deny {$page_config}

deny {$tab_tags}

deny {$tab_rackcode} or {$tab_system}

deny {$page_rackspace} and {$tab_edit}

deny {$page_rack} and ( {$tab_edit} or {$tab_newrack} or {$tab_tagroller} )

allow {RemoteSupportUsers} and {$tab_default} and ( {$page_index} or {$page_rackspace} )
allow {RemoteSupportUsers} and {$tab_default} and {$page_reports} or {$tab_vendor1}

# Vendor1
allow {Vendor1 users} and {$tab_default} and {$page_depot}
allow {Vendor1 users} and {Vendor1 managed assets}
deny {Vendor1 users}

# Vendor2 Support
allow {Vendor2 users} and {$tab_default} and {$page_depot}
allow {Vendor2 users} and {Vendor2 managed assets}
deny {Vendor2 users}


# Readonly user can see everything

allow {$username_readonly} and {$tab_default}
deny {$username_readonly}

________________________________________
From: Alexey Andriyanov [alan@xxxxxxxxxx]
Sent: Thursday, August 09, 2012 2:13 PM
To: racktables-users@xxxxxxxxxxxxx
Cc: Sears, Paul
Subject: Re: [racktables-users] Complex permissions question, help requested

09.08.2012 22:37, Sears, Paul wrote:
>
> allow {$userid_1} or {Admins}
> deny {$page_config}
> allow {RemoteSupport} and {asset} and {$tab_default} and {$page_index}
> and {$page_rackspace} and {$page_depot} and {$page_rack}
this rule never matches - you should separate different $page_ tags by
OR, not AND. Also, you don't have the 'asset' tag.

>
> deny {$tab_rackcode} or {$tab_system} or ({$page_rackspace} and
> {$tab_edit} ) or ({$page_rack} and {$tab_edit}) or {$tab_newrack} or
> {$tab_tagroller}
>
> allow {$username_vendor1} and {vendor1} and {vendor1 asset}
Do you have a tag named 'vendor1 asset'? If not, this rule won't ever match.

> deny {$username_vendor1}
>
> allow {$username_vendor2} and {vendor2} and {vendor2 asset}
> deny {$username_vendor2}
>
> allow {$username_readonly} and {$tab_default}
> deny {$username_readonly}


--
Best regards,
Alexey
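
Added example (not part of the original thread and not RackTables code): a small Python model of how rules like the ones above are evaluated, showing why a vendor's row view falls through to the final deny and why AND-ing different $page_ tags never matches. Assumptions: the first matching rule decides, no match means deny, "and" binds tighter than "or", and the tag sets used as request contexts are constructed.

```python
import re

# Tokens: {tag}, parentheses, and the words and/or/not.
TOKEN = re.compile(r"\{([^}]*)\}|([()])|\b(and|or|not)\b")

def matches(expr, ctx):
    """Evaluate one rule expression against the set of tags in the request context."""
    toks = [("tag", t) if t else ("op", p or o) for t, p, o in TOKEN.findall(expr)]
    def atom():
        kind, val = toks.pop(0)
        if kind == "tag":
            return val in ctx              # a tag absent from the context is false
        if val == "not":
            return not atom()
        if val == "(":
            inner = level(("or", "and"))
            toks.pop(0)                    # consume ")"
            return inner
        raise ValueError("unexpected token: " + val)
    def level(ops):                        # assumption: "and" binds tighter than "or"
        if not ops:
            return atom()
        val = level(ops[1:])
        while toks and toks[0] == ("op", ops[0]):
            toks.pop(0)
            rhs = level(ops[1:])           # always parse the right side, then combine
            val = (val or rhs) if ops[0] == "or" else (val and rhs)
        return val
    return level(("or", "and"))

def decide(rules, ctx):
    """First matching rule decides; if nothing matches, deny (assumed default)."""
    for line in rules.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            action, expr = line.split(None, 1)
            if matches(expr, ctx):
                return action
    return "deny"

# Constructed sample: the Vendor1 rules from the message, one rule per line.
RULES = """
allow {$userid_1}
deny {$page_config}
allow {Vendor1 users} and {$tab_default} and {$page_depot}
allow {Vendor1 users} and {Vendor1 managed assets}
deny {Vendor1 users}
"""
ROW_VIEW = {"Vendor1 users", "$page_row", "$tab_default"}  # constructed: row has no asset tag
```

With these rules, decide(RULES, ROW_VIEW) returns "deny" because the row context carries no "Vendor1 managed assets" tag, while the same user viewing a tagged object is allowed by the fourth rule.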


