- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Is it possible in NIOS to grant admin access based on a attribute for a specific set of networks
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yesterday
I have a read-only role called Juno that is defined for a group of users. In our extensible attributes I have created an attribute for networks called Division and have defined it with a list that has all of our divisions.
For a specifc number of subnets I would like to allow those in the Juno role to be able to administer to the networks that have the Division attribute set at DOT.
Is this possible or do I have to update the Permissions tab for each network that they would administer to and then set the Juno group to Read/Write?
Re: Is it possible in NIOS to grant admin access based on a attribute for a specific set of networks
[ Edited ]- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
17 hours ago - last edited 17 hours ago
To allow users in the Juno role to administer only the networks with the Division attribute set to DOT, you'll typically need to use a combination of role-based access control (RBAC) and specific permissions.
Here are a few potential approaches:
Attribute-Based Access Control (ABAC): If your system supports ABAC, you could define a policy that grants read/write access to users in the Juno role for networks where the Division attribute equals DOT. This way, you wouldn't have to update each network's permissions individually.
Dynamic Role Assignment: Some systems allow you to create dynamic roles based on attributes. If your platform supports it, you could create a rule that dynamically assigns users in the Juno role read/write permissions for networks with the specified Division attribute.
Manual Permissions Update: If neither ABAC nor dynamic role assignment is supported, you may need to manually update the Permissions tab for each subnet. This would involve setting the Juno group to Read/Write for those specific networks.
Group-Based Permissions: If your system allows for group-based permissions, consider creating a new group specifically for administering DOT networks and assigning the Juno users to that group with appropriate permissions.
Scripts or Automation: If the permissions need to be applied to many networks and manual updates are impractical, consider writing a script (if your system supports it) to automate the permission updates based on the Division attribute.