PermissionsΒΆ

Only superuser can modify objects at the moment. Superuser is determined by django user flag is_superuser. If you use LDAP authentication, you can set ldap supergroups with following statement in settings.yaml:

AUTH_LDAP_USER_FLAGS_BY_GROUP:
  is_superuser:
    - "cn=superusers,ou=django,ou=groups,dc=example,dc=com"
    - "cn=megausers,ou=django,ou=groups,dc=example,dc=com"

Ordinary users can’t edit object and can’t view IPMI credentials ipmi_hostname, ipmi_user and ipmi_hostname. Ordinary user can view these protected attributes in following cases:

  • Inventory object is assigned to user.
  • Inventory object is assigned to one of user’s groups.
  • Inventory object is assigned to lab which is assigned to user.
  • Inventory object is assigned to lab which is assigned to one of user’s groups.

These permissions are enforced in Web UI and REST API v2. In case of authentication by application token, user is one who issued application token.