User permissions
Andy
derfley at gmail.com
Thu Apr 19 04:40:06 EDT 2007
I'm working on restricting access for certain users to certain groups. So
far this is all going fine, however I want to stop certain groups been
displayed at all (rather than just not having access to them).
Something like this;
User logged in as "admin" can see displayed in his web browser;
Top
argus
firewall
network1
network2
network3
User logged in as "user1" would see the following in his web browser
Top
firewall
network2
network3
The problem I'm having is stopping the groups been displayed to users that
have no access to them, adding "ac_page: -user1" removes the ability to
browse to the group but they can still see a overview of it. As I need a
user to have access to multiple groups starting them at "Top" seems to
make sense?
And since this installation is currently monitoring over 1500 items I'm
loathed to re-write the entire config if at all possible.
Currently using Argus v3.4
sample of users file and config file below
users
admin <pass> Top root
user1 <pass> Top user1
user2 <pass> Top user2
config
acl_mode: extended
acl_override: root
acl_getconf: root
acl_user: root user1
acl_page: root user1
acl_logfile: root user1
acl_ntfyack: root user1
acl_ntfyackall: root user1
acl_ntfydetail: root user1
acl_ntfylist: root user1
acl_annotate: root user1
Group "Argus" {
acl_annotate: -user1
graph: yes
Service Self/idle {
title: Percent Idle
calc: ave-rate
scale: 0.01
# let someone know when it is time to upgrade h/w
minvalue: 20
messagedn: time to buy faster server
}
Group "firewall" {
acl_page: -user1
}
Group "network1" {
acl_page: -user1
}
Group "network2" {
}
Group "network3" {
}
More information about the Arguslist
mailing list