I have done:
- create group Test
- insert user1 in Test
- create Role Tmp
- add get_overrides permission
- add New Super Permission for Group Test
- create user2 with role Tmp AND Observer
- login as user2 and see everything from user1 with the Permissions of Observer
- change the second Role of user2 to Guest and you see only the Overrides
So it’s not the desired behavior?
If the Permissions of the one Role would only apply to the Super Permissions of
that role, I could accomplish my goal with two Roles.
BTW:
If the User does not have the permission to get_tasks but get_reports and tries
to go to scan management -> reports, it fails because of the get_tasks. But if
i login the start page ist the Reports page with content!?!? Bug?
René
> Am 03.05.2016 um 11:12 schrieb [email protected]:
>
> Hi Rene,
>
> we would like to reproduce the behaviour you've reported with the Super
> permissions.
> Can you please list the necessary steps that lead to the described situation,
> like as following:
>
> - create user
> - create role
> - add user to role
> - etc. ...
>
> This would help us a lot to further trace down the problems you are facing.
> Thanks a lot.
>
> Kind Regards,
> Michael Eissele.
>
>
>
> On 02.05.2016 13:51, Rene Behring wrote:
>> No i just can see, modify, start and stop the task with that method
>> but i can’t see the overrides for the task. And I can’t give the other
>> user the permission to see every Task and start/stop/modify them.
>> I thought that i can create a Role with just get_overrides and add a
>> group (with user1 in it) as super permission. The Problem is, that the
>> super permission from the one role also applies to the permission of
>> other roles. Is that intended?
>> Thanks,
>> Rene
>>> Am 02.05.2016 um 11:48 schrieb [email protected]:
>>> Hi Rene,
>>> yes, a user role has "get_overrides" permission by default,
>>> but that only allows him to fetch his own overrides, not the ones of other
>>> users
>>> unless you apply the guide from last email or share the objects manually to
>>> a user.
>>> Since you mentioned that not every task shall be seen by user2,
>>> then you have to apply the reading rights on a manual way, per task.
>>> Follow this guide then:
>>> - in taskview, click on the task (name) that you want to share
>>> - on the bottom of the task details page, you see a box "Permissions for
>>> Task X ", click on the blue star icon to create new permissions.
>>> - the next page shows two options of assigning userrights to the task, go
>>> fo´ the second box "Create Multiple Permissions"
>>> - choose "read" for applying reading rights, or "proxy" if you also want to
>>> apply modification rights (not including deleting permissions)
>>> - then choose the user to whom the rights shall be applied
>>> - the rest of the settings should stay as they are
>>> - done.
>>> Difference to the regular way:
>>> "Create Multiple permissions" saves you time, as it auto-picks all
>>> connected objects,
>>> and apply the appropiate permissions to them automatically.
>>> Does this cover your case maybe?
>>> Kind Regards,
>>> Michael Eissele.
>
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
