How to add a new user role in Glu console

nezha
Hello,

I'm facing a small issue: I'd like to add a new user and give him read-only rights.

The user must be able to view only the default dashboard and see which versions of applications are installed on every agent.

I have used "release rights" but my user can't connect anymore to the console.

I'm wondering if there is a way to add a new user role. Do you have any idea?


Thanks in advance.

Regards,
Nezha

Re: How to add a new user role in Glu console

frenchyan
Administrator
The "USER" role has a very limited set of privileges (by default) and they are all read-only. This is what you should use.

Yan

Re: How to add a new user role in Glu console

nezha
I don't think so, because with the "user" privilege we can redeploy/undeploy/start and stop.

We can also execute all the commands available on each agent, and it's not what we want.

The role must have privileges to only show the version installed.

Thanks

Nezha


Re: How to add a new user role in Glu console

sodul
I just tried with a 'User' and the console does let me select a plan or type in a command, but when I click 'Execute' I get "You do not have permission to access this page."


Re: How to add a new user role in Glu console

sodul
In reply to this post by nezha
The fine-tuned access you want is unfortunately not possible with Glu out of the box. You can restrict to Read-Only with USER (I double-checked a minute ago), but not limit users to specific fabrics.

What I do is have 2 consoles. One for Dev/QA, the other for production. In the first one, everyone has RELEASE privileges, in the other one a short list of people have RELEASE privileges.

We also front Glu deployments with Jenkins, which has much finer access control. We have Jenkins jobs that allow deploying/redeploying or simply loading a new model. Each job can have per-user restrictions, which makes this work well for us.

Now that Glu 5.3.x includes the fabric name as part of the URL, it might be possible for you to front Glu with nginx and have it do access control based on username and URL, though this would probably be somewhat clunky.

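The username-and-URL access control suggested in the post above, sketched as the deny-by-default decision function a fronting proxy could consult (for instance through nginx's auth_request). This is an added example, not part of the thread and not Glu code; the `/console/<fabric>/...` path layout, the user, fabric and sub-path names, and the treatment of GET/HEAD as read-only are assumptions.

```python
from urllib.parse import unquote, urlsplit

# Assumed layout (not confirmed by the thread): /console/<fabric>/...
CONSOLE_PREFIX = "/console/"
# Assumption: GET/HEAD requests to the console do not change state.
READ_METHODS = {"GET", "HEAD"}

# Constructed sample policy: user -> {fabric: "read" or "write"}.
POLICY = {
    "release-eng": {"prod": "write", "qa": "write"},
    "viewer": {"prod": "read"},
}


def fabric_of(url):
    """Return the fabric named in the request path, or None if it is ambiguous."""
    path = unquote(urlsplit(url).path)
    # A leftover '%' means double encoding; ';' and '\\' are parsed differently
    # by some backends. Refuse rather than guess what the console will see.
    if not path.startswith(CONSOLE_PREFIX) or any(c in path for c in "%;\\"):
        return None
    segments = path[len(CONSOLE_PREFIX):].split("/")
    # Reject dot segments and empty segments (a trailing slash is allowed), so the
    # fabric checked here is the fabric the console resolves.
    if any(s in ("", ".", "..") for s in segments[:-1]) or segments[-1] in (".", ".."):
        return None
    return segments[0] or None


def authorize(user, method, url):
    """Deny by default; allow only what the user's grant on that fabric covers."""
    fabric = fabric_of(url)
    grant = POLICY.get(user, {}).get(fabric) if fabric else None
    if grant == "write":
        return True
    if grant == "read":
        return method.upper() in READ_METHODS
    return False


if __name__ == "__main__":
    # Constructed requests; the sub-paths are placeholders, not real console routes.
    for user, method, url in [
        ("viewer", "GET", "/console/prod/agents"),
        ("viewer", "POST", "/console/prod/plans"),
        ("viewer", "GET", "/console/prod/../qa/agents"),
    ]:
        print(user, method, url, "->", "allow" if authorize(user, method, url) else "deny")
```

Paths outside the fabric prefix (login, static assets) are denied here and would need their own explicit rules.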
Re: How to add a new user role in Glu console

frenchyan
Administrator
4.5.0:

"""
This release contains a refactoring of the authorization framework in order to be able to change the authorization levels via configuration as well as being entirely customizable via plugins.
"""

Please check the release notes and the link provided for information on how to either change the security level or use your own plugin to do what you want to do.

You can use those plugin hooks:

User management
UserService_pre_authenticate: called before authentication
UserService_post_authenticate: called after authentication
UserService_pre_authorize: called before authorization
UserService_post_authorize: called after authorization
UserService_pre_restAuthenticateAndAuthorize: called before REST authentication and authorization flow
UserService_post_restAuthenticateAndAuthorize: called after REST authentication and authorization flow

Yan