Please note Device Access rules are only applicable to Unimus 2.4 and older releases.
In Unimus 2.5, Device Access rules were replaced by Object Access Policies.
Device Tags can be used to further limit access of accounts.
If an account has no tags defined, it can see all devices.
Affected features
- 'Devices' view
- 'Zones' view
- 'Device Tags' view
- 'Backups' view
- 'Config search' view
- 'Mass config push' view
- 'Credentials' > 'Show usage'
- 'Schedules' > 'Show scheduled tasks'
- 'Other settings' > 'Per-Tag connectors'
- 'Other settings' > 'Sensitive data stripping'
Assigning tags to devices
We can create as many tags as needed using the 'Add' button in the 'Device tags' table.
After a tag is created, we can tag devices with this tag using the 'Tag devices' table.
Selecting a tag and pressing "Un-tag devices" will allow us to remove devices from this tag.
(if an account is already access-limited by tags, they can only Tag/Untag devices with tags they have access to)
On the 'Devices' view, you can also see a clickable Tag icon which allows for tagging/untagging devices.
Tagging devices from Zones
Zones can add tags to all devices that belong to the Zone.
To use this, simply add a tag to a zone in the 'Zones' view, and all devices in that zone will be tagged with the selected tag(s)
Assigning tags to accounts
Tags can be applied for access restrictions to any account, to limit the access of that account only to devices with that tag.
If tags are applied to an account, the account can also only see zones which also have this tag applied in the 'Zones' view.
By default, users have access to all devices present in Unimus.
You can add tag limitations to accounts in the "Device access" table in "User management".
To do this, create rules (account / tag bindings). You can add as many rules as needed to achieve proper access separation.
Usage example
We want user 'Bob' to only have access to the WiFi APs in Unimus.
For example, when Bob does a Config search for 'password', he would see results only in configs of the APs.
First we create user 'Bob' with 'Read-only' access role.
Next we create the 'APs' device tag in "Device tags" screen.
After the tag is created, we give access to the devices with the 'APs' tag to Bob.
We navigate to "User management > Device access", click "Add" and add to Bob's account the 'APs' tag.
Now we need to tag the right devices with the 'APs' tag.
In "Device tags" screen, we select the tag, and press 'Tag devices'.
We add the tag to the appropriate devices.
After this, our 'Bob' user will only see the devices that are tagged with the 'APs' tag when using Config search, or any other Unimus feature.