We are using local authentication as we have a manageable number of accounts that need access.

-----Original Message-----
From: racktables-users-bounce@xxxxxxxxxxxxx [mailto:racktables-users-bounce@xxxxxxxxxxxxx] On Behalf Of Julson, Jim
Sent: Friday, August 10, 2012 7:53 AM
To: racktables-users@xxxxxxxxxxxxx; Alexey Andriyanov
Subject: [racktables-users] Re: Complex permissions question, help requested

Do you mind if I ask whether or not you are using all Local authentication or are you using LDAP by chance?

-----Original Message-----
From: racktables-users-bounce@xxxxxxxxxxxxx [mailto:racktables-users-bounce@xxxxxxxxxxxxx] On Behalf Of Sears, Paul
Sent: Friday, August 10, 2012 8:48 AM
To: Alexey Andriyanov; racktables-users@xxxxxxxxxxxxx
Subject: [racktables-users] Re: Complex permissions question, help requested

Alexey,

Thanks. I have a better understanding now and this is what I came up with. The only issue is that I can't seem to figure out how to allow a vendor to display their entire row or rows (page=row&id=x) as it doesn't seem that there is a way to apply a tag to a row.

# Admin access
allow {$userid_1}
allow {IOurAdmins}

# Vendor Access Permissions
# Restrict specific pages and tabs
deny {$page_config}
deny {$tab_tags}
deny {$tab_rackcode} or {$tab_system}
deny {$page_rackspace} and {$tab_edit}
deny {$page_rack} and ( {$tab_edit} or {$tab_newrack} or {$tab_tagroller} )
allow {RemoteSupportUsers} and {$tab_default} and ( {$page_index} or {$page_rackspace} )
allow {RemoteSupportUsers} and {$tab_default} and {$page_reports} or {$tab_vendor1}

# Vendor1
allow {Vendor1 users} and {$tab_default} and {$page_depot}
allow {Vendor1 users} and {Vendor1 managed assets}
deny {Vendor1 users}

# Vendor2 Support
allow {Vendor2 users} and {$tab_default} and {$page_depot}
allow {Vendor2 users} and {Vendor2 managed assets}
deny {Vendor2 users}

# Readonly user can see everything
allow {$username_readonly} and {$tab_default}
deny {$username_readonly}

________________________________________
From: Alexey Andriyanov [alan@xxxxxxxxxx]
Sent: Thursday, August 09, 2012 2:13 PM
To: racktables-users@xxxxxxxxxxxxx
Cc: Sears, Paul
Subject: Re: [racktables-users] Complex permissions question, help requested

09.08.2012 22:37, Sears, Paul wrote:
>
> allow {$userid_1} or {Admins}
> deny {$page_config}
> allow {RemoteSupport} and {asset} and {$tab_default} and {$page_index}
> and {$page_rackspace} and {$page_depot} and {$page_rack}

This rule never matches - you should separate different $page_ tags by OR, not AND. Also, you don't have the 'asset' tag.

>
> deny {$tab_rackcode} or {$tab_system} or ({$page_rackspace} and
> {$tab_edit} ) or ({$page_rack} and {$tab_edit}) or {$tab_newrack} or
> {$tab_tagroller}
>
> allow {$username_vendor1} and {vendor1} and {vendor1 asset}

Do you have a tag named 'vendor1 asset'? If no, this rule won't ever match.

> deny {$username_vendor1}
>
> allow {$username_vendor2} and {vendor2} and {vendor2 asset}
> deny {$username_vendor2}
>
> allow {$username_readonly} and {$tab_default}
> deny {$username_readonly}

--
Best regards,
Alexey
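
The two problems pointed out in the reply above (several $page_ tags joined by AND, and a rule that names a tag which does not exist) can be caught before a rule set is saved. The Python check below is an added example, not code from this thread or from RackTables; parse, can_match and the sample tag set are hypothetical names, and it assumes one page and one tab per request and the usual precedence of not over and over or.

```python
import re
from itertools import product

TOKEN = re.compile(r"\{([^}]+)\}|(\(|\)|\band\b|\bor\b|\bnot\b)")

def parse(expr):
    """Return (predicate over a set of tags, tags referenced) for one rule body."""
    toks = [(m.group(1), m.group(2)) for m in TOKEN.finditer(expr)]
    pos = 0
    def atom():
        nonlocal pos
        tag, op = toks[pos]
        pos += 1
        if op == "(":
            inner = or_expr()
            pos += 1                                  # consume ")"
            return inner
        if op == "not":
            inner = atom()
            return lambda ctx: not inner(ctx)
        return lambda ctx: tag in ctx                 # plain {tag} reference
    def chain(sub, word, combine):
        nonlocal pos
        left = sub()
        while pos < len(toks) and toks[pos][1] == word:
            pos += 1
            left = (lambda a, b: lambda ctx: combine(a(ctx), b(ctx)))(left, sub())
        return left
    def and_expr():                                   # assumed: "and" binds tighter than "or"
        return chain(atom, "and", lambda x, y: x and y)
    def or_expr():
        return chain(and_expr, "or", lambda x, y: x or y)
    return or_expr(), {t for t, _ in toks if t}

def can_match(expr, defined_tags):
    """True if at least one request context could satisfy the rule body."""
    pred, tags = parse(expr)
    pages = [t for t in tags if t.startswith("$page_")] + [None]   # None = some other page
    tabs = [t for t in tags if t.startswith("$tab_")] + [None]
    free = [t for t in tags if not t.startswith(("$page_", "$tab_"))
            and (t.startswith("$") or t in defined_tags)]  # undefined tags stay false
    return any(pred({page, tab} | {t for t, on in zip(free, bits) if on})
               for page, tab in product(pages, tabs)       # one page and one tab per request
               for bits in product((False, True), repeat=len(free)))

DEFINED = {"RemoteSupport", "RemoteSupportUsers", "vendor1"}  # constructed tag tree (assumption)
AND_PAGES = "{RemoteSupport} and {$tab_default} and {$page_index} and {$page_rackspace}"
OR_PAGES = "{RemoteSupportUsers} and {$tab_default} and ( {$page_index} or {$page_rackspace} )"
NO_SUCH_TAG = "{$username_vendor1} and {vendor1} and {vendor1 asset}"
```

A rule body for which can_match returns False is dead: its allow or deny can never take effect, so the decision falls through to a later rule.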