Denis, I'd have to say security before beauty; number 1 first. I've attempted looking at the code, but it's been so long since I've done anything (and php is so unfamiliar) that it might as well be written in Greek :^). After 1, 3 would be the next security issue, followed by number 2 the "needle in the haystack" problem which as much asthetics as security. Thanks, and let me know how I can help. Don -----Original Message----- From: racktables-users-bounce@xxxxxxxxxxxxx [mailto:racktables-users-bounce@xxxxxxxxxxxxx] On Behalf Of Denis Ovsienko Sent: Wednesday, September 30, 2009 7:42 AM To: racktables-users@xxxxxxxxxxxxx Subject: [racktables-users] Re: Permissions Assistance On Mon, 28 Sep 2009 16:01:02 -0500 Don Greer wrote: [...] > 1. While I can allow users to get into $page_ipv4space and > $page_ipv4, I cannot allow them into $page_ipaddress because the > ownership of a network does not propagate to individual addresses. > Allowing access to ANY $page_ipaddress page will allow them to manually > change the "ip=" value and edit other customer's addresses (Not a Good > Thing (tm)). > 2. There is no method by which to force the filters on individual > pages (or pull-downs) such that users ONLY see their Objects, racks, > etc. associated with a specific tag. This IS handled in a round-about > way on $page_rackspace, where racks owned by people other than the user > are blacked out, but as we grow the datacenter, that too will become a > bit of a needle-in-the-haystack problem. Utilizing the page filters in > a forceful way (e.g. administratively turning on a filter for "Cust1 > Assets" on pages being access by "Cust1 Users") would work much better > and present a cleaner interface for the end user. Ideally this would > also be applied to the pull-downs for Objects, interfaces, etc. > 3. There's no way (I think) to force a tag on objects created by a > user or allow inheritance of permissions in some way. For instance, I'd > like to force any Object created by "Cust1 Users" to have the tag "Cust1 > Assets" forced on. This would allow the user to create his objects for > the equipment he is wanting installed in his cabinet prior to shipping, > alleviating my staff from having to do all this manually. The customer > can then ship the equipment to us and we already know where it goes, how > it's cabled, etc. > > > > There are several other things that have cropped up, but these are the > major issues that are going to prevent me from fully implementing this > package in this environment. Well, I don't have a prompt solution for all of this. These are all good points, which I have already spent time on trying to design. It wasn't really critical for my environment, so I was able to postpone. Let's see, if I can design it better with your feedback. Which one item would you like to address first? -- Denis Ovsienko