mattpascoe
commented
9 years ago This one is becoming more important. Finally getting user requests for the same as well as actual use cases at $DAYJOB that require it. Here are more notes:
- each user/group would have the ability to define subnet/ip ranges and masks where the user has access to perform tasks. This also would apply to DNS domains as well.
- need to create a GUI/CLI module for managing this data for users/groups
- Augment the security model to process this additional data against the data coming in.
- additional layer to determine if the ability to view records outside of these limits is allowed. basically if you have view access are you limited to the range or do you get to view all.
- would this ruleset apply to all elements in the security model? add,delete,view,modify etc.. seems the most complete.
- the current GUI for user maint is pretty primitive.. make it better.. somehow.
allow per subnet/ip range access..