[racktables-users] Re: Trying to understand how users work

  • From: "Julson, Jim" <jjulson@xxxxxxxxxxxxx>
  • To: "racktables-users@xxxxxxxxxxxxx" <racktables-users@xxxxxxxxxxxxx>
  • Date: Thu, 9 Aug 2012 14:23:28 +0000

This is the best explanation of how the users work that I've seen to date.  
This should be posted on the Racktables website or Wiki (if there is one).  I 
thought I had a good grasp on it before, but being a Network Engineer by trade, 
this really stuck with me.  Thanks so much for this!!!

I have to admit, the users/permissions section is probably the one area 
within RackTables that, above all else, could use a "hug" if you will (in other 
words, needs some love).  For those of us that manage *NIX systems, it's easy 
enough to grasp, but it could certainly be a little less convoluted for sure.  
Perhaps a more GUI-based solution could be developed that fits more into the 
standard of creating a local user, or adding an LDAP user, then having a 
separate space that has groups, roles, etc.  I know that's a big task, but boy 
think of the improvement it would bring!   :)  

Anyhow, not to derail the topic.  Very well said once again.   Even having used 
this for a bit of time myself, I feel like I have a much better understanding 
now.


-----Original Message-----
From: racktables-users-bounce@xxxxxxxxxxxxx 
[mailto:racktables-users-bounce@xxxxxxxxxxxxx] On Behalf Of Alexey Andriyanov
Sent: Thursday, August 09, 2012 7:37 AM
To: racktables-users@xxxxxxxxxxxxx
Cc: James Geiger
Subject: [racktables-users] Re: Trying to understand how users work

Try to consider the permissions script as firewall rules.

The current context (a packet in firewall terms) is sequentially compared to 
each rule (line in permissions script).
If it matches, the action specified in the rule takes place (allow or deny) and 
the process stops.

The current context is a set of tags originating from the currently logged-in 
user, an entity being viewed, and navigation data (current page and tab name).

So rules like

allow {$userid_1}
allow {$username_jack}

unconditionally allow any context containing tags {$userid_1} or 
{$username_jack}, which makes them the power-users.

But the rule

Allow {$username_user} and {$tab_default}

allows anything to the user named 'user' when he is on the 'default' tab. The 
default tab never contains controls to modify the DB, so the user has read-only 
permissions if there are no other allowing rules below.


09.08.2012 16:32, James Geiger wrote:
> I have been reading through the posts about user IDs and permissions 
> and don't quite understand how they work.
>
> To add a user I understand.  I go to  Main page : Configuration :
> Local users and I enter the name and the password.
>
> What I am unsure of is the whole permissions part of the tool.  How 
> does it work?
>
> On the Permissions section of the wiki:
> http://wiki.racktables.org/index.php/RackTablesAdminGuide#Permission_configuration_examples
>
> It has a simple example of adding a power user:
>
> Admin and power user
>
> allow {$userid_1}
> allow {$username_jack}
>
> How does that mean jack is a power user?  What makes the difference or 
> what is a power user?
>
> I have seen other examples from posts about adding read only users:
>
> Allow {$username_user} and {$tab_default}
>
> How does that mean the user is a read only?
>
> Does each line signify a new user permission?
>



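Added example (not part of the original thread, and not RackTables code): a small Python model of the first-match evaluation described in the reply above, covering only the rule forms quoted in this thread. The deny-when-nothing-matches default, the function names and the {$tab_edit} tag in the sample contexts are assumptions of the sketch.

```python
import re

# Added sketch, not RackTables code: models only the rule forms quoted in
# this thread ("allow|deny {$tag}", with tags optionally joined by "and").
RULE_RE = re.compile(r"^(allow|deny)\s+(.+)$", re.IGNORECASE)
TAG_RE = re.compile(r"^\{\$\w+\}$")


def parse_rules(script):
    """Return [(action, frozenset_of_required_tags), ...] in script order."""
    rules = []
    for lineno, line in enumerate(script.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unsupported rule: {line!r}")
        tags = [t.strip() for t in re.split(r"\s+and\s+", m.group(2))]
        if not all(TAG_RE.match(t) for t in tags):
            raise ValueError(f"line {lineno}: unsupported term in {line!r}")
        rules.append((m.group(1).lower(), frozenset(tags)))
    return rules


def decide(rules, context):
    """First matching rule wins. Assumption: no matching rule means deny."""
    for number, (action, required) in enumerate(rules, 1):
        if required <= context:  # every tag the rule names is in the context
            return action, number
    return "deny", None


# The three rules quoted in the thread, in that order.
THREAD_SCRIPT = """
allow {$userid_1}
allow {$username_jack}
Allow {$username_user} and {$tab_default}
"""

# Constructed contexts: a user tag plus a navigation (tab) tag.
JACK_EDIT = frozenset({"{$username_jack}", "{$tab_edit}"})
USER_DEFAULT = frozenset({"{$username_user}", "{$tab_default}"})
USER_EDIT = frozenset({"{$username_user}", "{$tab_edit}"})

if __name__ == "__main__":
    rules = parse_rules(THREAD_SCRIPT)
    for name, ctx in (("jack/edit", JACK_EDIT), ("user/default", USER_DEFAULT), ("user/edit", USER_EDIT)):
        print(name, decide(rules, ctx))  # (action, number of the deciding rule)
```

Because evaluation stops at the first match, a deny placed below a broader allow never fires for the contexts that allow already covers, so rule order is worth checking when reviewing a permissions script.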
