Thanks.

So when I see an example like on this post:

//www.freelists.org/post/racktables-users/Permissions-Assistance

How does each next line relate to the one above?

On his permissions he has listed:

# Global Permissions for Customers
deny {$tab_tags}
deny {$page_ipv4space} and {$tab_manage}
deny {$page_rack} and ( {$tab_tags} or {$tab_design} or {$tab_edit} )
deny not {customer admin} and not {$tab_default}
allow {$tab_default} and ( {$page_index} or {$page_rackspace} or {$page_ipv4space} or {$page_ipaddress} )
# Customer Specific Permissions
allow {Cust1 Users} and {Cust1 Assets}
allow {Cust2 Users} and {Cust2 Assets}

How do I read that?

I figure a line such as

deny {$page_ipv4space} and {$tab_manage}

means access to the ipv4space page and deny access to the manage tab, but how does that denial line get associated with the others?

You mention it's a firewall rule sort of thing. Do I read it downwards? Meaning anything below a line gets the rules from above? So the first two lines for the admin user and Administrators group have no restrictions above them while the all cust1 and 2 user lines read the permissions above them, so in that case all the denials?

On Thu, Aug 9, 2012 at 9:36 AM, Alexey Andriyanov <alan@xxxxxxxxxx> wrote:
> Try to consider the permissions script as firewall rules.
>
> The current context (a packet in firewall terms) is sequentially compared to
> each rule (line in permissions script).
> If it matches, the action specified in rule takes place (allow or deny) and
> the process stops.
>
> The current context is a set of tags originated from the currently logged-in
> user, an entity being viewed, and navigation data (current page and tab
> name).
>
> So the rules like
>
> allow {$userid_1}
> allow {$username_jack}
>
> unconditionally allow any context containing tags {$userid_1} or
> {$username_jack}, which makes them the power-users.
>
> But the rule
>
> Allow {$username_user} and {$tab_default}
>
> allows anything to user named 'user' when he is on 'default' tab. The
> default tab never contains controls to modify the DB, so the user has
> read-only permissions if there are no other allowing rules below.
>
>
> 09.08.2012 16:32, James Geiger wrote:
>
>> I have been reading through the posts about user IDs and permissions
>> and don't quite understand how they work.
>>
>> To add a user I understand. I go to Main page : Configuration :
>> Local users and I enter the name and the password.
>>
>> What I am unsure of is the whole permissions part of the tool. How
>> does it work?
>>
>> On the Permissions section of the wiki:
>>
>> http://wiki.racktables.org/index.php/RackTablesAdminGuide#Permission_configuration_examples
>>
>> It has a simple example of adding a power user:
>>
>> Admin and power user
>>
>> allow {$userid_1}
>> allow {$username_jack}
>>
>> How does that mean jack is a power user? What makes the difference or
>> what is a power user?
>>
>> I have seen other examples from posts about adding read only users:
>>
>> Allow {$username_user} and {$tab_default}
>>
>> How does that mean the user is a read only?
>>
>> Does each line signify a new user permission?
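
The first-match evaluation described in the quoted reply, run over the customer script listed at the top of this message. This is an added example, not part of the original thread and not RackTables' own code. Assumptions: `not` binds tighter than `and`, which binds tighter than `or`; a context that matches no rule is denied; the function names and the context tag sets are constructed for illustration.

```python
import re

# Rule lines copied from the script quoted in the thread (comment lines dropped).
RULES = """\
deny {$tab_tags}
deny {$page_ipv4space} and {$tab_manage}
deny {$page_rack} and ( {$tab_tags} or {$tab_design} or {$tab_edit} )
deny not {customer admin} and not {$tab_default}
allow {$tab_default} and ( {$page_index} or {$page_rackspace} or {$page_ipv4space} or {$page_ipaddress} )
allow {Cust1 Users} and {Cust1 Assets}
allow {Cust2 Users} and {Cust2 Assets}
"""

def matches(expr, context):
    """Evaluate one rule expression against the set of context tags."""
    toks = re.findall(r"\{[^}]*\}|[()]|\w+", expr)[::-1]  # reversed: pop() yields next token
    def unary():
        tok = toks.pop()
        if tok == "not":
            return not unary()
        if tok == "(":
            val = binary("or")
            toks.pop()  # closing parenthesis
            return val
        return tok[1:-1] in context  # "{tag}" -> "tag"
    def binary(op):
        # Operands of "or" are "and" chains; operands of "and" are unary terms.
        operand = (lambda: binary("and")) if op == "or" else unary
        val = operand()
        while toks and toks[-1] == op:
            toks.pop()
            rhs = operand()  # always parsed, so the tokens are consumed
            val = (val or rhs) if op == "or" else (val and rhs)
        return val
    return binary("or")

def decide(script, context):
    """Return (verdict, rule). The first matching rule decides and evaluation stops."""
    for line in script.splitlines():
        action, expr = line.split(None, 1)
        if matches(expr, context):
            return action.lower(), line
    return "deny", None  # assumption: nothing matched means no access

if __name__ == "__main__":
    # Constructed context: a Cust1 user on the edit tab of one of Cust1's objects.
    edit = {"Cust1 Users", "Cust1 Assets", "$page_object", "$tab_edit"}
    print(decide(RULES, edit))                       # stopped by the fourth rule
    print(decide(RULES, edit | {"customer admin"}))  # reaches the Cust1 allow rule
```

A rule never inherits anything from the lines above it: the context is tested against one line at a time, and the customer-specific allow lines are only reached by contexts that none of the deny lines matched.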