Control Access plugin
-
Good news!!!
I finished the beta version of Access Control Plugin.When you install the plugin, the installation will create two default roles: Administrator and Technician.
The installation process will create a big number of default rules (38).
Actually the rules have two types: MAIN_MENU and SUB_MENULINK. The first ones are the top tool bar icons, and the second ones are the lateral menus. In the second case, sub_menulink, if you don’t define the node value, the rule will apply to all pages (nodes). If you define the node, the rule will apply only to this node.
From this page you can link a multiple rules to one role.
And, finally, the installation process will associate the Administrator role to fog user.
From the principal Access Control plugin page you can see the role list, add new role, list all rule and add new rule. In the role menu you can edit it, delete it, see the membership and see the rule that are associated to this role.
Membership page:
Rule association:
In these last images we can see that the “user5” has the Technician role and this role have 7 rule associated (5 main menu and 2 sub_menulink)
In this screenshot you can see the rules that are being applied for “user5”:
And in this one you can see that the sub_menulink rules (in the image page doesn’t appear the multicast and the list option) in action:
-
@Fernando-Gietz Amazing work. Even if this only hides the elements and isn’t truly secure - this will put guardrails around accounts and allow Administrators to give access to lower tier employees. You’ve done great work here using what you had to work with.
If we could integrate an optional MFA plugin (utilizing Google Authenticator) to protect the gates, this would be more safe. Because even if a lower tier employee has bad password habits & their credentials are compromised, MFA should prevent their FOG account from being compromised.
Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
Daily Clean Installation Results:
https://fogtesting.fogproject.us/
FOG Reporting:
https://fog-external-reporting-results.fogproject.us/ -
@Wayne-Workman It hides the work, meaning the data isn’t even available to ‘enact’ upon. The element purely doesn’t display, so you can’t do anything with it.
There could be ways around it of course, but that would always be the case.
-
Added the plugin to the plugins in the working branch.
-
This is great, thanks
How can I hide the plugin Pushbullet Management?
-
It is easy
AccessControl Plugin -> add new ruleRule Type: MAIN_MENU
Parent: main
Node: (empty)
Rule Value: pushbulletAfter do this, you need associate this rule to the role.
-
@Fernando-Gietz said in Control Access plugin:
pushbullet
thanks for this, however when I try to click the ‘Add Rule’ button the page refreshes and goes to the fog dashboard page. And when I look at the rules it did not get added. any ideas?
I am on 1.4.0 RC5
-
Hi falco,
sorry for my late answer, I don’t see this message until now.
With the new version of FOG 1.4.0-RC-12 I don’t have problems when I add a new rule.
-
Well , I find a little bug XD in the plugin. I have fixed it and in the new version will be fixed.
BUG: When you try to install the plugin, the install process give an error and the installation doesn’t finish.
Status: Bug fixed
-
@Fernando-Gietz just got around to checking this, and yes all working with 1.4.0-RC-14
-
@fernando-gietz Hello,
I would like to know about the “Searches: Limit the range of the search to the resources of one or more locations. The restricted user only can see the hosts, groups, images that are link or associated to his/her location/locations.”
How is it possible to do it? In the Location plugin, we can only put informations about Storage.
