Problems with Access Lists
Richard Passman
rpassman at radime.com
Tue Feb 20 15:57:46 EST 2007
Hi Jeff,
Thanks for the reply, we've been using Argus for nearly 2 years, but
we're about to start offering individual customer access - hence the trials.
Jeff Weisberg wrote:
>| Using version 3.4 this config almost works;
>| (Users file needs an extra entry for the cust2 entry to be valid!)
>
>I do not understand. what do mean by 'needs an extra entry to be valid'?
>are you getting an error message somewhere?
>valid how?
>
>
The last entry in the Users file doesn't seem to work. If I add a dummy
entry (i.e. the cust3 in my users example) the the last but one entry
works... confusing I know - let me try again...
Users File
argus any Top root
staff any Top staff
cust1 any Top:Cust1 cust1
cust2 any Top:Cust2 cust2
Cust2 access doesn't work
if I add an extra dummy entry
i.e.
argus any Top root
staff any Top staff
cust1 any Top:Cust1 cust1
cust2 any Top:Cust2 cust2
cust3 any Top:Cust3 cust3
cust2 now works.
I haven't as yet found in the source, where you read the users file in,
to see if I could find anything
>| i.e.user argus can get to everything,
>| user cust1 can just look at the data for cust1
>
>correct.
>is this not what you expected?
>
>
yes - I was being complete with my explanations :-)
>
>| user cust2 can look and has the buttons for notifys, but gives a
>| permissions error when trying to access the notifylists
>
>the notify-list, un-acked notify-list, and error-log are
>top-level system-wide lists, they are not per object. so
>the per-object acl is not used.
>
>
>
Just as your email came in I found the code in the source that confirms
this.
>but, in your config, you can say:
> shownotiflist: yes
>
>
>
This seems to be on by default.
>and a list of notifications will be listed on each page
>for that particular object.
>
>
>| Using version Dev-20070218 subtle differences
>| user cust1 gets a permissions error when trying to look at its top page
>
>previously, you could not mix and match between the simple-mode and
>extended-mode acl parameters. the current dev code lets you mix and
>match, but a) it hasn't been well tested yet, so there may still be
>some glitches and b) I've changed my mind at least twice recently on
>what exactly happens when mixing and matching.
>
>
>
Ok understand. More than happy to do some testing for you if you do more
revisions. We want to be able to allow the customer to ack their notifys
only but I can see now that this may be difficult to implement.
Thanks
More information about the Arguslist
mailing list