Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#2 Role Based Access Control

new
nobody
2014-02-24
2010-09-13
Phoenix
No

It would be extremely useful to be able to add users to a groups, and then control what devices that group is able to view / alter through port control and device control. Personally, specifying devices by subnets would be most useful, and each user being able to exist within multiple groups.

Discussion

  • Oliver Gorwits
    Oliver Gorwits
    2013-10-06

    Ticket moved from /p/netdisco/feature-requests/107/

    Can't be converted:

    • _milestone:
    • _priority: 5
     
  • Oliver Gorwits
    Oliver Gorwits
    2013-10-07

    • labels: Front-End Enhancements --> Web, Wishlist
    • Milestone: -->
     
  • Oliver Gorwits
    Oliver Gorwits
    2013-10-09

    • Status: open --> new
     
  • Oliver Gorwits
    Oliver Gorwits
    2014-02-23

    Restrict by:

    • Subnet
    • Device
    • Individual Port Control actions
     
  • Eric A. Miller
    Eric A. Miller
    2014-02-24

    I like the concept of a "Domain" and "Groups" with the domain being an arbitrary identifier not tied to IP addressing or anything device specific. For example "Domain 1" or "Domain 2". While I believe the group should be based upon something network specific such as prefix / subnet. I also think groups should support nesting or sub-groups based upon their identifier, for example subnet 10.1.0.0 is part of the larger subnet 10.0.0.0. Role based access ideally would apply to both Domains and Groups first checking the Domain then the most specific group.

    Supporting Domains would allow for overlapping address space. Groups would enable segregation within Domains.

    However, even with both Domains and Groups I believe multi-tenant installs should use a separate database per tenant to ensure data separation.