-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 17/10/2005 15:22, Reier Johan R?dland uttered:
web_access for ^/(report|status|emotd|alertprofiles|machinetracker|browse|preferences|cricket)/?
Don't forget: web_access for ^/(vlanPlot|navAdmin)/?
When we put a user in that group he can also change the Traffic Map and save the new layout! Bug??
Yep. I just checked this with Kristian, and it seems to be an unfortunate oversight on our part. The Traffic Map assumes that any authenticated user is an adminstrator :(
Are there some documentation on how to build new groups with different priveleges? What do the different Regular expressions do?
It might not be very well documented, but it should be straightforward.
The /web_access/ privilege is used to grant access to resources on the web server, by matching the URL requested by the browser against the regular expression in the privilege target. If the URL requested by the browser matches any of the regular expressions in the web_access privileges of the user's groups, access is granted. If not, access is denied, and the user is redirected to the NAV login page.
So web_access for ^/(report|status|emotd|alertprofiles|machinetracker|browse|preferences|cricket)/?
grants access to any URL beginning with a slash, followed by any of the pipe separated words, then possibly followed by another slash (I'm assuming you know your regexp here).
What are the use of "Member of the following organizations"?
I don't think this is actually used by any part of NAV right now, but the idea is to use this in the future as an aid to further limit what information users have access to. The organizational tree you can select from is the one that has been entered in editdb, and the same one which is referred to by IP devices registered in the NAV database. Each IP device can belong to a given organizational unit, and so can network prefixes.
So, what we hope to have ready in NAV 3.1 is a system where the administrator(s) can configure privileges which allow users to use the machine tracker to track IP addresses only within the prefixes belonging to their own organizational units, or view detailed information only about IP devices owned by their own organizational units.
I also see a need to maybe map these organizational units to organizational units in an LDAP tree, so that NAV will automatically know which organizational units LDAP-authenticated users belong to.
- -- Morten Vold NTNU ITEA Integrasjonsgruppen
From magnus at ntnu.no Tue Oct 18 12:29:12 2005
From: magnus at ntnu.no (Magnus Nordseth) Date: Tue Oct 18 11:28:36 2005 Subject: [Nav-users] Beginners problem In-Reply-To: 435499E5.9080807@ntnu.no References: 4353F403.4070007@carnet.hr 435499E5.9080807@ntnu.no Message-ID: 20051018092912.GA9208@stud.ntnu.no
Morten Vold:
On a side note: I don't know why the profile module is used in the production release, but one of the original authors of the IP Device Center has promised to look into it.
It is safe to just remove the line import profile
This will be fixed in the next NAV release.