From: Jeff F. <net...@fc...> - 2010-09-08 15:02:05

Hi all,

We are using Apache auth to authenticate users for a read-only view of our netdisco installation, and I can create a netdisco user with the Apache username to be able to use the port control feature for all switches - all simple stuff.

What I would like to do is allow certain users to be able to use the port control features, but only for certain switches. Identifying what switches a user should be able to control needs to be by the switch's IP address. I would like to modify the source to do this, however I am under no illusion that my programming abilities don't stretch that far so I am looking for some kind of hack.

I could create a new database within Postgres which has VIEWs to the netdisco database with additional "WHERE ip << inet 'subnet'" to only display certain devices. There would also be a separate netdisco frontend with this database name in the config file. Each set of users would get their own instance, and this should work but is very messy.

What would be slightly better is, instead of having an additional database, to have an additional table in the main database with a list of usernames and subnets they can control along with something like a Postgres RULE which applies an additional WHERE clause on each SELECT. Even this is exceeding my knowledge of Postgres and attempting to create a rule when issuing select on the device table doesn't work because device is already populated (it would need to be renamed and device would just be a rule, but this would then break insert/update etc. the backend daemon would try and use).

Does anybody have any ideas what I do to get the desired effect?

Cheers,
-Jeff
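The username-to-subnet table described in the message, sketched as an added example (not part of the original post and not netdisco code) that leaves the `device` table untouched so the backend daemon's inserts and updates keep working. Assumptions: the `device` table here is a constructed stand-in modelling only the `ip` column named in the post, and `port_control_acl`, `may_control` and `controllable_device` are hypothetical names that the frontend's port-control code would have to consult.

```sql
BEGIN;
CREATE SCHEMA acl_demo;
SET LOCAL search_path TO acl_demo;

-- Constructed stand-in for the device table (the real one has more columns).
CREATE TABLE device (ip inet PRIMARY KEY, name text);

-- Hypothetical mapping: which subnets each Apache username may control.
CREATE TABLE port_control_acl (
    username text NOT NULL,
    subnet   cidr NOT NULL,
    PRIMARY KEY (username, subnet)
);

-- Hypothetical check to run before any port change. Uses <<= ("is contained
-- by or equals") so a /32 entry matches a single switch; the strict << from
-- the post returns false when address and subnet are identical.
-- A user with no rows is denied by default.
CREATE FUNCTION may_control(p_user text, p_ip inet) RETURNS boolean
LANGUAGE sql STABLE AS $$
    SELECT EXISTS (
        SELECT 1 FROM port_control_acl
        WHERE username = p_user AND p_ip <<= subnet
    );
$$;

-- Hypothetical per-user device list; DISTINCT collapses overlapping subnets.
CREATE VIEW controllable_device AS
SELECT DISTINCT a.username, d.ip, d.name
FROM device d
JOIN port_control_acl a ON d.ip <<= a.subnet;

-- Constructed sample data.
INSERT INTO device VALUES
    ('10.1.0.5', 'sw-floor1'), ('10.1.0.9', 'sw-floor2'), ('10.2.0.7', 'sw-lab');
INSERT INTO port_control_acl VALUES
    ('alice', '10.1.0.0/24'), ('bob', '10.2.0.7/32');

SELECT may_control('alice', '10.1.0.5') AS alice_floor1,  -- inside her /24
       may_control('alice', '10.2.0.7') AS alice_lab,     -- outside it
       may_control('bob',   '10.2.0.7') AS bob_lab,       -- exact /32 match
       may_control('carol', '10.1.0.5') AS carol_floor1;  -- no ACL rows
SELECT username, ip, name FROM controllable_device ORDER BY username, ip;

ROLLBACK;  -- discard the demo schema
```

The restriction only holds if the check runs server-side on every port-control request; filtering which devices a page displays does not by itself stop a request that names another switch's IP.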