Access Control



  • It is REALLY important that we return to having some level of access control in FOG. In the early versions we could specify whether someone was a full or imaging only user. For years I have been able to let my student helpers reimage laptops whenever there was an issue with our 1:1 student laptops. Now, if I give them an account, they can do anything that I can do, including deleting images, making new users…

    FOG is not a single user system. We need to get back to at least an account that only allows deploying images from the PXE boot if nothing else.

    PLEASE re-add this functionality!

    Brian


  • Senior Developer

    @NT_Tech Access control is a plugin now which has much more use than the “mobile” vs “non-mobile” account.

    FOG was indeed a single user system, from it’s original startup. The only thing that kind of made things different was the mobile interface.

    I want you to understand, mobile interface was it’s OWN element from the main interface. This meant having to update two GUI platforms to ensure all functionality was maintained. When moved to a single interface that could do both mobile and full screen usages, I removed the “mobile only” user type.

    I want to stress, while it wasn’t necessarily intuitive, even in 0.32 a “mobile only” user had exactly the same level of usage as the full admin users. The GUI access was limited and didn’t allow a mobile only user to see anything, but a mobile user could delete items, change things, etc… if they knew the url pathing and calls. They couldn’t see it, but it was not “limited” in the way you thought it was. As the access control plugin was created and managing a single interface made updating and keeping things in a more testable and common way, I decided to remove the “mobile only” option. This was not intended to hurt people who were using the element, but rather there were better things in place that did far better at controlling the scope of things and in a more granular and appropriate fashion.



  • OKAY…I “kind of” solved my issue. If you go into the database and change the uType on an account from 0 to 1, then that user cannot delete anything. I was more concerned about that than anything else. I had hoped a type 2 could image and not access the GUI (mobile user) but then the user cannot image at all. But I am 1/2 way there.

    Maybe the Access Control will be fixed for 1.54 and I can try it again. I am beginning to regret updating past 1.3…but the past is the past.

    Brian



  • @Junkhacker I am using PHPMyAdmin on FOG 1.54 (Ubuntu 16.04 Server) and if I make a user manually the PXE Boot does not allow me to use it to image. I keep getting Invalid Logon.



  • @Junkhacker I really miss the mobile interface! I used to use it whenever I had an issue around the district. I would not have upgraded had I known I was going to loose features…but I am there now. How do I manually add a user into the database? PHPMyAdmin?



  • @Sebastian-Roth I certainly would be willing to help with questions where I can. I have used FOG since .32 and love it. My students use it as well but someone recently deleted an image and I need to restrict their access so I don’t have to rebuild it again!

    Brian



  • Well that would certainly work. How would I enter a user directly into the database?

    I did try the AccessControl Plugin, which would work by simply taking away all items from the “imager” role, but it doesn’t seem to be working.


  • Developer

    @NT_Tech Have you looked into using the access control plugin yet?

    PLEASE re-add this functionality!

    Would you be willing to help us? If it’s not coding than maybe answering those many questions coming up in the forums day by day. That would free up some time for developers then.


  • Developer

    @NT_Tech the mobile interface has been removed, and the “mobile only” user type can’t be made in the interface anymore, but, you can still create that type of user by directly entering it in the database. that user will only be able to use the PXE boot menu.
    i know this is not an ideal solution.


Log in to reply
 

359
Online

6.0k
Users

13.4k
Topics

126.2k
Posts