Project

General

Profile

Actions

Feature #401

closed

authorisation

Added by Sandor Szücs almost 14 years ago. Updated over 13 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Authorisation and Policies of the whole system would be the overall goal of this feature.
It has not to be the default, but if this would be configurable you can get the following scenarios, which I would really like to have for client management:

  • A mapping of foreman-/puppet-operator groups to policies. Example: loe_operator can manage hosts with names that match /^loe.*\.domain/ or have the node type loe_clients ( node /^loe.*\.domain$/ inherits loe_clients ).
  • Views filtered by policy. Example: If an loe_operator has no rights to view reports the tab(link) should not be shown.
  • Hosts and nodes filtered by policy. Example: loe_operator does not need to view hosts that do not match /^loe.*\.domain$/ or nodes that do not have the node type loe_clients ( node /^loe.*\.domain$/ inherits loe_clients).

One thing that you can do is to separate IT support into departments. As university we have IT-supporters in all departments. IT-supporters should be able to integrate their managed hosts on their own, but a central IT-staff menber should be able to monitor installed software versions, update the software, change configurations and help IT-supporters if needed.

All the best Sandor


Related issues 1 (0 open1 closed)

Is duplicate of Foreman - Feature #366: Provide a basic authorization infrastructureClosedPaul Kelly08/26/2010Actions
Actions #1

Updated by Ohad Levy over 13 years ago

  • Status changed from New to Duplicate
  • Target version set to 0.1-6

most of these features has been implemented in #366 :-)

Actions

Also available in: Atom PDF