This is the best explanation of how the users work that I've seen to date. This should be posted on the RackTables website or wiki (if there is one). I thought I had a good grasp on it before, but being a Network Engineer by trade, this really stuck with me. Thanks so much for this!!!

I have to admit, the users/permissions section is probably the one area within RackTables that, above all else, could use a "hug" if you will (in other words, needs some love). For those of us that manage *NIX systems, it's easy enough to grasp, but it could certainly be a little less convoluted for sure. Perhaps a more GUI-based solution could be developed that fits more into the standard of creating a local user, or adding an LDAP user, then having a separate space that has groups, roles, etc. I know that's a big task, but boy, think of the improvement it would bring! :)

Anyhow, not to derail the topic. Very well said once again. Even having used this for a bit of time myself, I feel like I have a much better understanding now.

-----Original Message-----
From: racktables-users-bounce@xxxxxxxxxxxxx [mailto:racktables-users-bounce@xxxxxxxxxxxxx] On Behalf Of Alexey Andriyanov
Sent: Thursday, August 09, 2012 7:37 AM
To: racktables-users@xxxxxxxxxxxxx
Cc: James Geiger
Subject: [racktables-users] Re: Trying to understand how users work

Try to consider the permissions script as firewall rules. The current context (a packet in firewall terms) is sequentially compared to each rule (line in the permissions script). If it matches, the action specified in the rule takes place (allow or deny) and the process stops.

The current context is a set of tags originating from the currently logged-in user, the entity being viewed, and navigation data (current page and tab name).

So rules like

    allow {$userid_1}
    allow {$username_jack}

unconditionally allow any context containing the tags {$userid_1} or {$username_jack}, which makes them the power-users.

But the rule

    Allow {$username_user} and {$tab_default}

allows anything to the user named 'user' when he is on the 'default' tab. The default tab never contains controls to modify the DB, so the user has read-only permissions if there are no other allowing rules below.

09.08.2012 16:32, James Geiger wrote:
> I have been reading through the posts about user IDs and permissions
> and don't quite understand how they work.
>
> To add a user I understand. I go to Main page : Configuration :
> Local users and I enter the name and the password.
>
> What I am unsure of is the whole permissions part of the tool. How
> does it work?
>
> On the Permissions section of the wiki:
> http://wiki.racktables.org/index.php/RackTablesAdminGuide#Permission_configuration_examples
>
> It has a simple example of adding a power user:
>
> Admin and power user
>
> allow {$userid_1}
> allow {$username_jack}
>
> How does that mean jack is a power user? What makes the difference or
> what is a power user?
>
> I have seen other examples from posts about adding read only users:
>
> Allow {$username_user} and {$tab_default}
>
> How does that mean the user is a read only?
>
> Does each line signify a new user permission?
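
The first-match evaluation described in the reply above, as an added example that is not part of the thread and is not RackTables' own code. It is a simplified model that only understands tags joined by `and`; treating "no rule matched" as deny, accepting `Allow` in either case, the tab name `edit`, and the helper names are all assumptions made for the illustration.

```python
import re

# Constructed rule set: the three rules quoted in the thread, in one script.
RULES = """
allow {$userid_1}
allow {$username_jack}
Allow {$username_user} and {$tab_default}
"""

TAG = re.compile(r"\{\$[A-Za-z0-9_]+\}")

def parse(script):
    """Return [(action, required_tags)] for 'allow|deny TAG [and TAG ...]' lines."""
    rules = []
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        action, _, expr = line.partition(" ")
        action = action.lower()  # model choice: keyword case is ignored
        terms = [t.strip() for t in re.split(r"\s+and\s+", expr.strip())]
        if action not in ("allow", "deny") or not all(TAG.fullmatch(t) for t in terms):
            raise ValueError(f"unsupported rule in this model: {line!r}")
        rules.append((action, set(terms)))
    return rules

def decide(rules, context):
    """Compare the context to each rule in order; the first match decides."""
    for action, required in rules:
        if required <= context:  # every tag the rule names is in the context
            return action
    return "deny"  # assumption: nothing matched means no access

def context(user_id, username, tab):
    """Build the tag set for one request (entity tags omitted for brevity)."""
    return {f"{{$userid_{user_id}}}", f"{{$username_{username}}}", f"{{$tab_{tab}}}"}

if __name__ == "__main__":
    rules = parse(RULES)
    # Constructed requests: (user id, username, tab being viewed).
    for req in [(1, "admin", "edit"), (7, "jack", "edit"),
                (9, "user", "default"), (9, "user", "edit")]:
        print(req, "->", decide(rules, context(*req)))
    # Order matters: a deny placed first wins even against a power-user rule.
    print(decide(parse("deny {$tab_edit}\n" + RULES), context(7, "jack", "edit")))
```
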