Advanced permissions/user properties

Tobias Klausmann klausman at schwarzvogel.de
Fri Nov 3 12:27:55 CET 2006


Hi! 

On Thu, 02 Nov 2006, Alex Burger wrote:
> I have expanded on the Altinity patch by adding a 'can_submit_commands' 
> and 'can_submit_commands_strict' option to contact groups.  The 
> limitation of having a can_submit_commands option on the user is that 
> it's an all or nothing option.  A user is either view-only for all 
> devices, or not.
> 
> I will be using can_submit_commands_strict for people who need to be 
> able to submit commands for the servers and services they manage, but 
> also be able to only view some other servers and devices.  I don't want 
> the users to be able to view ALL devices.
> 
> *can_submit_commands_strict:*  You grant users full access to all or 
> some systems, but want to restrict them from issuing commands for a few 
> devices.
> 
> If a device has multiple contact groups defined and any one of them 
> denies submit commands with can_submit_commands_strict 0, then the user 
> is denied even if the user belongs to a group that permits it.
> 
> *can_submit_commands:*  You grant users read-only access to all systems, 
> but you want to allow the user to issue commands for a few devices.
> 
> With can_submit_commands, if a device has multiple contact groups 
> defined and any one of them allows submit commands, the user can submit 
> commands.  If there was only one contact group listed and it had 
> can_submit_commands set to 0, the user would not be able to submit commands.
> 
> Is this what you are looking for?

I'm not quite sure :)

Actually I'm not sure I understand the functionality you added
correctly. I'll explain what I think I've understood:

The new attribute (..._strict) belongs to contact_groups. If it
is set to 1 on a contactgroup, everything behaves as normal.

If it is set to 0, then no user who's associated with a
hostgroup that is also associated with this contactgroup may
issue commands for that particular host(group).

As this sounds more than counter-intuitive, I strongly suspect
I've misunderstood something.

Please enlighten me. :)

Regards,
Tobias
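
The two evaluation rules quoted above (one denying group wins for can_submit_commands_strict, one allowing group is enough for can_submit_commands), as an added example that is not part of the original thread and is not code from the patch. It assumes that only contact groups the user belongs to are consulted and that the strict veto is checked before the allow rule; the group, user and host names are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ContactGroup:
    name: str
    members: frozenset
    can_submit_commands: int = 0                      # 1 = members may submit commands
    can_submit_commands_strict: Optional[int] = None  # 0 = veto, 1/None = no veto


def may_submit(user, device_groups):
    """Decide whether `user` may submit commands for a device that
    lists `device_groups` as its contact groups (assumed model)."""
    mine = [g for g in device_groups if user in g.members]
    if not mine:
        return False  # not a contact for this device at all
    # Deny-overrides: a single strict 0 beats any number of allows.
    if any(g.can_submit_commands_strict == 0 for g in mine):
        return False
    # Allow-overrides: one permitting group is enough; none means view-only.
    return any(g.can_submit_commands == 1 for g in mine)


# Constructed sample configuration.
admins = ContactGroup("unix-admins", frozenset({"alice", "bob"}),
                      can_submit_commands=1)
viewers = ContactGroup("noc-view", frozenset({"alice", "carol"}),
                       can_submit_commands=0)
freeze = ContactGroup("change-freeze", frozenset({"bob"}),
                      can_submit_commands_strict=0)

DEVICES = {
    "web01": [admins, viewers],  # allow + view-only -> allow wins
    "db01": [admins, freeze],    # allow + strict 0  -> deny wins
    "sw01": [viewers],           # single view-only group
}


def decisions(user):
    """Map each constructed host to the command-submission decision."""
    return {host: may_submit(user, groups) for host, groups in DEVICES.items()}


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, decisions(user))
```
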


_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null




