Menu
▾
▴
#2 Role Based Access Control
It would be extremely useful to be able to add users to a groups, and then control what devices that group is able to view / alter through port control and device control. Personally, specifying devices by subnets would be most useful, and each user being able to exist within multiple groups.
Ticket moved from /p/netdisco/feature-requests/107/
Can't be converted:
Restrict by:
I like the concept of a "Domain" and "Groups" with the domain being an arbitrary identifier not tied to IP addressing or anything device specific. For example "Domain 1" or "Domain 2". While I believe the group should be based upon something network specific such as prefix / subnet. I also think groups should support nesting or sub-groups based upon their identifier, for example subnet 10.1.0.0 is part of the larger subnet 10.0.0.0. Role based access ideally would apply to both Domains and Groups first checking the Domain then the most specific group.
Supporting Domains would allow for overlapping address space. Groups would enable segregation within Domains.
However, even with both Domains and Groups I believe multi-tenant installs should use a separate database per tenant to ensure data separation.
Ticket moved from /p/netdisco/netdisco2/2/
As requested, I am adding my comments about this. I would like to see role based access control added to Netdisco. I have people on my IT staff that I would like to restrict down to bouncing ports only. This way they have the ability to troubleshoot without having access to accidentally change a port description or something worse.
thanks, and again thank you for the hard work that has been done making a great product!