Project

General

Profile

Feature #1324

ACLs for Parameters need to be more fine grained

Added by Greg Sutcliffe almost 8 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Category:
-
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Currently, a user cannot delete a parameter unless he has permission to delete the whole host. That's not going to work in our infrastructure, and I suspect the same for others too. I want to give lower levels of support the ability to modify a host (including creating or destroying parameters) but not to delete the whole host (along with it's reports, which are valuable).

Furthermore, it probably makes sense to have a similar separation for the classes tab as well - I'd really like to restrict one level of support to parameters only, and the next level to editing (but not deleting) the whole host, and the top level has full access. However, only the parameter ACl is really needed right now.

I'm happy to have a go at this, so this feature request is mainly to remind me :)

Associated revisions

Revision 54358a76 (diff)
Added by Greg Sutcliffe over 7 years ago

fixes #1324 - Separate permssions on hosts from permissions for objects within hosts.

This allows a user to be granted permission to edit the host (and so change the group or proxy) but not, for example, edit the parameters
This could probably be extended further if necessary.

Revision 8fec2c4a (diff)
Added by Ohad Levy over 7 years ago

refs #1324 remove debugging code

History

#1 Updated by Greg Sutcliffe over 7 years ago

  • Assignee set to Greg Sutcliffe
  • Target version set to 1.0
  • % Done changed from 0 to 70

This is ready for merge (tests pass cleanly), but I'm going to roll #1484 into this, so hold off until I get that done.

#2 Updated by Greg Sutcliffe over 7 years ago

  • Status changed from New to Closed
  • % Done changed from 70 to 100

Also available in: Atom PDF