Feature #139
per host authorization for making changes.
| Status: | Assigned | Start: | 12/18/2009 | ||
|---|---|---|---|---|---|
| Priority: | Normal | Due date: | |||
| Assigned to: |  Paul Kelly |
% Done: | 60% |
||
| Category: | Authorization | ||||
| Target version: | 0.1-6 | ||||
| Branch: |
Description
Another wide ranging feature request:
We have a large and distributed operational team, and we like to be able to let users manage their own servers.
However, we do not wish to allow users to manage their own desktops and laptops in terms of specifying additional classes etc.
Ideally we could have some kind of rule based authorization system that could make use of host fact values, that would allow us to do this sort of thing, written in pre-caffeine-pseudo-code.
if $admin_user is in LDAP group "foo" and $machine_type "desktop": allow administration
if $admin_user is in $machine_owners and $machine_type "server": allow administration
Even more ideally, users would have two views in Foreman, one to simply view all hosts, and the other to view all hosts that they had administrative rights over.
Related issues
| related to Feature #73: add support for user groups | Closed | 03/04/2010 | 03/04/2010 | |
| related to Feature #170: Create a usergroup implementation | Closed | 03/03/2010 | ||
| blocked by Feature #366: Provide a basic authorization infreastructure | Ready For Testing | 08/26/2010 |
History
Updated by Paul Kelly 2 months ago
- Category set to Authorization
- Status changed from New to Assigned
- % Done changed from 0 to 60
In the process of porting the Redmine security implementation over to Foreman. Thanks, and respect, go to Eric Davis, Jean-Philippe Lang, and the rest of the team over on the Redmine project.
