Hi Rene,
yes, a user role has "get_overrides" permission by default,
but that only allows him to fetch his own overrides, not the ones of
other users
unless you apply the guide from last email or share the objects manually
to a user.
Since you mentioned that not every task shall be seen by user2,
then you have to apply the reading rights manually, per task.
Follow this guide then:
- in taskview, click on the task (name) that you want to share
- on the bottom of the task details page, you see a box "Permissions for
Task X ", click on the blue star icon to create new permissions.
- the next page shows two options of assigning user rights to the task,
go for the second box "Create Multiple Permissions"
- choose "read" for applying reading rights, or "proxy" if you also want
to apply modification rights (not including deleting permissions)
- then choose the user to whom the rights shall be applied
- the rest of the settings should stay as they are
- done.
Difference to the regular way:
"Create Multiple permissions" saves you time, as it auto-picks all
connected objects,
and applies the appropriate permissions to them automatically.
Does this cover your case maybe?
Kind Regards,
Michael Eissele.
On 02.05.2016 11:27, Rene Behring wrote:
Hey,
well, I have seen the mail before but that is not exactly what I want.
The user2 should not see every task/object from user1.
Do I have to add the get_override permission to a user with the role
„user“? I thought, that the role „user“ already has that kind of
permission.
Thanks,
René
On 02.05.2016 11:13, [email protected] wrote:
Hi Rene,
basically you would apply the following type of permission, when a
user shall "read" things;
get_x
while 'x' stands for the object you want to share (tasks, overrides,
reports, etc.).
But here I have a better solution for you: this guide allows you to
define a group,
where all members share their objects within this group. This would
(if I understood you correctly)
cover your case where two users can share their stuff within. No user
from "outside" of the group
would be able to see or change objects; the other way round, if you
plan to add another user
to the table, then you can just add him to the group and then he can
see the stuff of user1 and user2.
To activate object sharing within a specified group, please take the
following steps:
- "admin-1" creates a group, named "group-1"
- after the group was created, go into details view of that group and
write down or copy the "RessourceID" of that group (Upper right
position, looking something like this:
6f81128f-ca84-4a1d-9f28-a9b4b6da6686). We need this ressourceID later
on.
- Due to security reasons, "admin-1" is not able to add himself into
this group. So for that we log in as a Superadmin and use this account
to add "admin-1" into "group-1"
- Logged back in as "admin-1", we can now add users to this group,
like "user1", "user2" and "user3"
- we then move to the permissions dialogue and let "admin-1" create a
permission with the settings as follows:
-- Name: super (has super access)
-- Subject: Group ("group-1")
-- RessourceID: <-Ressource-ID-of-"group-1"->
-- RessourceType (for super permissions): Group
- after these steps, "admin-1" is able to see all objects of users
user1-3 and also the users see each others objects.
I hope this is of any help for you.
Kind Regards,
Michael Eissele.
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
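
Added example, not part of the original thread and not OpenVAS code: a simplified Python model that compares the two approaches discussed above (a per-task read permission versus a super permission on a group) and checks what user2 ends up seeing. The task names, the ownership table and the visibility rules are assumptions built from the descriptions in the messages, not the manager's actual logic.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Permission:
    name: str           # "get_tasks" (read one task) or "super"
    subject_type: str   # "user" or "group"
    subject: str        # who receives the permission
    resource: str       # task name or group name the permission covers

# Constructed sample state, not taken from a real installation.
OWNERS = {"task-a": "user1", "task-b": "user1", "task-c": "user2"}
GROUPS = {"group-1": {"admin-1", "user1", "user2", "user3"}}

def applies_to(perm, user):
    """True if the permission's subject is this user or a group containing them."""
    if perm.subject_type == "user":
        return perm.subject == user
    return user in GROUPS.get(perm.subject, set())

def visible_tasks(user, permissions):
    """Tasks the user can read: their own plus whatever the permissions grant."""
    seen = {t for t, owner in OWNERS.items() if owner == user}
    for p in permissions:
        if not applies_to(p, user):
            continue
        if p.name == "get_tasks" and p.resource in OWNERS:
            seen.add(p.resource)  # read access to exactly one task
        elif p.name == "super" and p.resource in GROUPS:
            # Super on a group: every object owned by a member becomes visible.
            seen |= {t for t, o in OWNERS.items() if o in GROUPS[p.resource]}
    return seen

def overexposed(user, intended, permissions):
    """Tasks the user can read beyond the ones they were meant to see."""
    return visible_tasks(user, permissions) - set(intended)

# The two setups from the thread, expressed in this model.
PER_TASK = [Permission("get_tasks", "user", "user2", "task-a")]
GROUP_SUPER = [Permission("super", "group", "group-1", "group-1")]

if __name__ == "__main__":
    intended = {"task-a", "task-c"}  # user2: own task plus the one shared task
    for label, perms in (("per-task read", PER_TASK), ("group super", GROUP_SUPER)):
        print(label, sorted(visible_tasks("user2", perms)),
              "unintended:", sorted(overexposed("user2", intended, perms)))
```

In this model the group setup exposes task-b to user2, which is the outcome Rene wanted to avoid, while the per-task permission exposes only task-a.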