Open bmfmancini opened 3 years ago
Unless I am wrong I thought the user would inherit the permissions if they were in the group So this user should not be able to see the other default tree since the group permissions are set to revoke access of the others
The workaround is to in the user level set the tree permission to deny then the user can only see the one tree I know the specific user permissions will override the group but the current state any new user would have ALLOW permissions for Graph/Tree/Template
Permissions are additive. So if the user has no permissions and the group does, the user gets those permissions. If the user does have permissions and the group does not, the user keeps permissions.
So in practice then if you have revoke access for trees/graphs etc in the group the admin would need to make sure that the new/existing user would also need to have deny deny permissions
Just double checking i will add that to the doco
Yea, if you want to have a 100% denial by default, the user has to be that way first.
Ok cool I'll make a note on the doco for that
On Thu., Jan. 21, 2021, 22:33 TheWitness, notifications@github.com wrote:
Yea, if you want to have a 100% denial by default, the user has to be that way first.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Cacti/cacti/issues/4078#issuecomment-765097608, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADGEXTGJB4IPL3VT7GKDBVTS3DWZ7ANCNFSM4WN2Z66Q .
Hey Guys,
More regression testing I am finding that when you create a new user and assign that user to a group that has Deny/Dey/Deny the new user will still be able to see the trees/devices/graphs that were denied