[racktables-users] Re: Permissions Assistance
- From: "Don Greer" <Don.Greer@xxxxxxxxxxxxxxxxx>
- To: <racktables-users@xxxxxxxxxxxxx>
- Date: Wed, 30 Sep 2009 08:33:03 -0500
Denis,
I'd have to say security before beauty; number 1 first. I've
attempted looking at the code, but it's been so long since I've done
anything (and php is so unfamiliar) that it might as well be written in
Greek :^). After 1, 3 would be the next security issue, followed by
number 2 the "needle in the haystack" problem which as much asthetics as
security.
Thanks, and let me know how I can help.
Don
-----Original Message-----
From: racktables-users-bounce@xxxxxxxxxxxxx
[mailto:racktables-users-bounce@xxxxxxxxxxxxx] On Behalf Of Denis
Ovsienko
Sent: Wednesday, September 30, 2009 7:42 AM
To: racktables-users@xxxxxxxxxxxxx
Subject: [racktables-users] Re: Permissions Assistance
On Mon, 28 Sep 2009 16:01:02 -0500 Don Greer wrote:
[...]
> 1. While I can allow users to get into $page_ipv4space and
> $page_ipv4, I cannot allow them into $page_ipaddress because the
> ownership of a network does not propagate to individual addresses.
> Allowing access to ANY $page_ipaddress page will allow them to
manually
> change the "ip=" value and edit other customer's addresses (Not a Good
> Thing (tm)).
> 2. There is no method by which to force the filters on individual
> pages (or pull-downs) such that users ONLY see their Objects, racks,
> etc. associated with a specific tag. This IS handled in a round-about
> way on $page_rackspace, where racks owned by people other than the
user
> are blacked out, but as we grow the datacenter, that too will become a
> bit of a needle-in-the-haystack problem. Utilizing the page filters
in
> a forceful way (e.g. administratively turning on a filter for "Cust1
> Assets" on pages being access by "Cust1 Users") would work much better
> and present a cleaner interface for the end user. Ideally this would
> also be applied to the pull-downs for Objects, interfaces, etc.
> 3. There's no way (I think) to force a tag on objects created by a
> user or allow inheritance of permissions in some way. For instance,
I'd
> like to force any Object created by "Cust1 Users" to have the tag
"Cust1
> Assets" forced on. This would allow the user to create his objects
for
> the equipment he is wanting installed in his cabinet prior to
shipping,
> alleviating my staff from having to do all this manually. The
customer
> can then ship the equipment to us and we already know where it goes,
how
> it's cabled, etc.
>
>
>
> There are several other things that have cropped up, but these are
the
> major issues that are going to prevent me from fully implementing this
> package in this environment.
Well, I don't have a prompt solution for all of this. These are all good
points, which I have already spent time on trying to design. It wasn't
really critical for my environment, so I was able to postpone. Let's
see, if I can design it better with your feedback. Which one item would
you like to address first?
--
Denis Ovsienko
Other related posts:
