OpenVAS users, I got something to work how I wanted it but perhaps there is an easier way?
My wishes: * Have an admin user make all tasks and control everything o Admin user runs tasks and reports results * Have users view tasks and create additional overrides and notes Problems with this: * A regular admin cannot see a regular users overrides or notes without the regular user granting the permissions o A Super Admin user can get around this issue if necessary * Even users in between belonging to the same role and/or group cannot see each other's overrides or notes o I created a few new (non-global) roles, these users by default cannot even see their own role(s) without additional permissions which you cannot set through GSAD * Even the admin user has to grant permissions to an override or note for others to see I cannot get any situation working yet where permissions do not have to be additionally set. So this is what I did: * Created a new role called "SHARE-NOTES-OVERRIDES" without any permissions initially. * Made everybody (including admin) part of this role * The admin user can see the role (because he created it) but to make it visible to the regular user I have manually added the permission (I have a few other roles which have to share this role): omp -u admin -w XXX -Xi "<create_permission><name>get_roles</name><subject id=User role UUID'><type>role</type></subject><resource id=SHARE-NOTES-OVERRIDES uuid'></resource></create_permission>" Now any of those users can create an override/note and then add a permission such as get_overrides to the Role SHARE-NOTES-OVERRIDES making it visible and effective for all. If needed I can use a Super Admin user to intervene if they don't play "nice". Thijs Stuurman Security Operations Center PGP Key-ID: 0x16ADC048 Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 Internedservices - a KPN Company Wielingenstraat 8 | 1441 ZR Purmerend | The Netherlands T: +31(0)299476185 | M: +31(0)624366778 W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: http://nl.linkedin.com/in/thijsstuurman
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
