PermissionsΒΆ
Only superuser can modify objects at the moment. Superuser is determined by
django user flag is_superuser
. If you use LDAP authentication, you can set
ldap supergroups with following statement in settings.yaml
:
AUTH_LDAP_USER_FLAGS_BY_GROUP:
is_superuser:
- "cn=superusers,ou=django,ou=groups,dc=example,dc=com"
- "cn=megausers,ou=django,ou=groups,dc=example,dc=com"
Ordinary users can’t edit object and can’t view IPMI credentials
ipmi_hostname
, ipmi_user
and ipmi_hostname
. Ordinary user can view
these protected attributes in following cases:
- Inventory object is assigned to user.
- Inventory object is assigned to one of user’s groups.
- Inventory object is assigned to lab which is assigned to user.
- Inventory object is assigned to lab which is assigned to one of user’s groups.
These permissions are enforced in Web UI and REST API v2. In case of authentication by application token, user is one who issued application token.