Unimus
Page tree

Versions Compared

Old Version 4

changes.mady.by.user Erik Ksenic

Saved on

compared with

New Version Current

changes.mady.by.user Viliam Tkacik

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Object access policies are located in the User Management view, where only the Admin role can access and manage them. The following four options are available for configuration:

Base access

...

All objects:

  • User see sees all object without any kind of restriction outside of his role.

No objects:

  • User do does not see any objects except of for those, of which is the owner

All objects with tag exceptions:

  • User see sees all objects except of for those, which are tagged by tags which are used in exceptions inside of this policy

No objects with tag exceptions:

  • User see sees no objects except of for those, which are tagged by tags which are used in exceptions inside of this policy

After creation of new access policy it’s possible to add tags to policies which support an tag exceptions by entering the edit mode followed by moving a tags from “Available tags” table to “Tag exceptions”.

Assigning of specific policy to the account is possible during account creation or by selecting particular account and pressing a “Manage permissions” button what open an window which allow to change an a user role and policy.

Affected features

...

Ownership may have an influence on the accessibility to the various objects, because it have higher priority in comparison to access policies. That mean means even if the access policies is set to ‘No object policies’ user can still see the objects of which is they are the owner. For more information please check Object Ownership

...

Objects to which only direct access per ownership or per set access policy is needed. Such an objects can behave only like visible or invisible to the users.

Here belongsbelong:

  • Backups

  • Devices *

  • Sensitive data stripping

  • Tags

* (information about zone can be hidden and field is in read only mode when user does not have access to such  such zone)

Objects that are accessed by a combination of direct access + access to child objects. Such objects may behave as visible, invisible, or visible only in read-only mode or with limited "write" actions in the case that access to all child objects is not granted.

Here belongsbelong:

  • Backup filters

  • Backups Backup flows

  • MCP presets

  • Network scan presets

  • NMS sync presets

  • Per tag connectors

  • Zones

...

We want user 'Bob' to only have access to the WiFi APs in Unimus.
 For For example, when Bob does a Config search for 'password', he would see results only in configs of the APs.

...

After the tag is created, we create new policy with base access: ‘No objects with tag exceptions’ in “User management > Object access policies” screen.

When the policy existexists, we need to add the ‘AP’ tag into the exceptions per “Edit” by moving tag from ‘Available tags’ to ‘Tag exceptions’.

...

Here are some more examples to better understand how ownership and access policies can affect the visibility and accessibility of objects.

  1. User is owner of the a zone which is tagged by Tag1. Account of user is set with ‘All objects with tag exceptions’ policies in scope of which Tag1 is Tag1 included.
    • Result: User can see zone in read-only mode because he do does not have access to all devices under such a zone. User is still able to add new devices into such a zone.
  2. User have has access to all devices of type ‘HP 1920 switchers’switches’, and only some devices of type ‘HP 1950 switchers’ switches’ (possible to achieve per Access policies or device ownership) and want wants to create a new Backup filter for both device types.
    • Result: User can create backup filter for ‘HP 1920 switchers’ switches’ but ‘HP 1950 switchers’ is switches’ are not even available in the list of Device types because user does not have access to all the devices of this particular device type.
  3. User have has access to all devices of type ‘HP 1920 switchers’switches’, and only some devices of type ‘HP 1950 switchers’ switches’ (possible to achieve per Access policies or device ownership) and edit edits existing Backup filter created for both device types.
    • Result: User can see a filter in ‘Read only’ mode. User is able to open edit window but all options are disabled and device type ‘HP 1950 switchers’ switches’ is not even visible to user.
  4. User want wants to create new Per tag connector. User account is set with ‘No objects with tag exceptions’ policies in scope of which is only Tag2 is included.
    • Result: User is able to create a new Per Tag connector only to Tag2 because he have has access to the tag and also to all the device which are tagged by this tag. After creation user can see in table only this one particular Per-Tag connector because he does not have access to other tags.