Project

General

Profile

Feature #401

authorisation

Added by Sandor Szücs about 8 years ago. Updated about 8 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Authorisation and Policies of the whole system would be the overall goal of this feature.
It has not to be the default, but if this would be configurable you can get the following scenarios, which I would really like to have for client management:

  • A mapping of foreman-/puppet-operator groups to policies. Example: loe_operator can manage hosts with names that match /^loe.*\.domain/ or have the node type loe_clients ( node /^loe.*\.domain$/ inherits loe_clients ).
  • Views filtered by policy. Example: If an loe_operator has no rights to view reports the tab(link) should not be shown.
  • Hosts and nodes filtered by policy. Example: loe_operator does not need to view hosts that do not match /^loe.*\.domain$/ or nodes that do not have the node type loe_clients ( node /^loe.*\.domain$/ inherits loe_clients).

One thing that you can do is to separate IT support into departments. As university we have IT-supporters in all departments. IT-supporters should be able to integrate their managed hosts on their own, but a central IT-staff menber should be able to monitor installed software versions, update the software, change configurations and help IT-supporters if needed.

All the best Sandor


Related issues

Is duplicate of Foreman - Feature #366: Provide a basic authorization infrastructureClosed2010-08-26

History

#1 Updated by Ohad Levy about 8 years ago

  • Status changed from New to Duplicate
  • Target version set to 0.1-6

most of these features has been implemented in #366 :-)

Also available in: Atom PDF