Control Access plugin

Wayne Workman

@Fernando-Gietz Great job. Does this hide elements or prevent them from being rendered, or do they really not have access to those things? A curl of the missing button would not work?

Fernando Gietz

Thanks Wayne!!
Actually I am having problems with the edit rule option and the logic is not developed yet, but the initial idea is not render the elements.

Fernando Gietz

Good news!!!
I finished the beta version of Access Control Plugin.

When you install the plugin, the installation will create two default roles: Administrator and Technician.

The installation process will create a big number of default rules (38).

Actually the rules have two types: MAIN_MENU and SUB_MENULINK. The first ones are the top tool bar icons, and the second ones are the lateral menus. In the second case, sub_menulink, if you don’t define the node value, the rule will apply to all pages (nodes). If you define the node, the rule will apply only to this node.

From this page you can link a multiple rules to one role.
And, finally, the installation process will associate the Administrator role to fog user.

From the principal Access Control plugin page you can see the role list, add new role, list all rule and add new rule. In the role menu you can edit it, delete it, see the membership and see the rule that are associated to this role.

Membership page:

Rule association:

In these last images we can see that the “user5” has the Technician role and this role have 7 rule associated (5 main menu and 2 sub_menulink)

In this screenshot you can see the rules that are being applied for “user5”:

And in this one you can see that the sub_menulink rules (in the image page doesn’t appear the multicast and the list option) in action:

Wayne Workman

@Fernando-Gietz Amazing work. Even if this only hides the elements and isn’t truly secure - this will put guardrails around accounts and allow Administrators to give access to lower tier employees. You’ve done great work here using what you had to work with.

If we could integrate an optional MFA plugin (utilizing Google Authenticator) to protect the gates, this would be more safe. Because even if a lower tier employee has bad password habits & their credentials are compromised, MFA should prevent their FOG account from being compromised.

Tom Elliott

@Wayne-Workman It hides the work, meaning the data isn’t even available to ‘enact’ upon. The element purely doesn’t display, so you can’t do anything with it.

There could be ways around it of course, but that would always be the case.

Tom Elliott

Added the plugin to the plugins in the working branch.

falko

This is great, thanks

How can I hide the plugin Pushbullet Management?

Fernando Gietz

It is easy
AccessControl Plugin -> add new rule

Rule Type: MAIN_MENU
Parent: main
Node: (empty)
Rule Value: pushbullet

After do this, you need associate this rule to the role.

falko

@Fernando-Gietz said in Control Access plugin:

pushbullet

thanks for this, however when I try to click the ‘Add Rule’ button the page refreshes and goes to the fog dashboard page. And when I look at the rules it did not get added. any ideas?

I am on 1.4.0 RC5

Fernando Gietz

Hi falco,

sorry for my late answer, I don’t see this message until now.

With the new version of FOG 1.4.0-RC-12 I don’t have problems when I add a new rule.

Fernando Gietz

Well , I find a little bug XD in the plugin. I have fixed it and in the new version will be fixed.

BUG: When you try to install the plugin, the install process give an error and the installation doesn’t finish.

Status: Bug fixed

falko

@Fernando-Gietz just got around to checking this, and yes all working with 1.4.0-RC-14

gjo

@fernando-gietz Hello,

I would like to know about the “Searches: Limit the range of the search to the resources of one or more locations. The restricted user only can see the hosts, groups, images that are link or associated to his/her location/locations.”

How is it possible to do it? In the Location plugin, we can only put informations about Storage.