[tac_plus] Re: Different auth per device per user
Schmidt, Daniel
dan.schmidt at uplinkdata.com
Wed Nov 4 21:22:12 UTC 2009
Were you ever able to fix the problems I found in that patch?
-----Original Message-----
From: tac_plus-bounces at shrubbery.net
[mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Kiss Gabor (Bitman)
Sent: Wednesday, November 04, 2009 1:34 PM
To: Alan McKinnon
Cc: tac_plus at shrubbery.net
Subject: [tac_plus] Re: Different auth per device per user
> Short description:
> I have a need to give a select bunch of users one level of access on
some
> devices and a much more restrictive access everywhere else. How can I
do this?
>
> Longer version:
> My users are divided into 4 roles (1-4) in increasing level of access,
the
> access they get applies to any device they can reach. The network is
broken up
> into core routers, non-core routers and customer hosting switches.
>
> There's a team which configures and installs the customer switches, I
want
> them to be able configure anything on those devices (role 4 in my
setup) but
> to have role 2 on every other device.
>
> I can't quite seem to find a clean way to configure this. The closest
I can
> get is an acl and group just for switches and exclude them from
everywhere
> else.
>
> In an ideal world, this would suit me fine (I know it doesn't work):
>
> acl = hosting_acl { <list> }
> group = hosting_group {
> acl = hosting_acl
> <rules>
> }
> group = role_2 { <rules> }
>
> user = hosting_engineer {
> group = hosting_group
> group = role_2
> }
Maybe this helps you:
http://www.shrubbery.net/pipermail/tac_plus/2007-August/000125.html
Regards
Gabor
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
More information about the tac_plus
mailing list