group and access control is very weird #239

Open
support-tt opened this issue Jul 20, 2023 · 4 comments

@support-tt

Hello,
I tested the netbird management UI with 3 users.

  1. User has full admin and registered 5 peers
  2. User rights with 1 peer
  3. User rights with 1 peer

When I log in as a user I see all peers that my registered peer can see.
So the admin can only limit my access by limiting the peer I registered. When a user never registered a peer the access can't be controlled, and when a user has registered like 10 peers then he can see everything that the peers can see. The admin can't remove access to the peers that the user registered.

So in my opinion there is no clear access control, or did I miss something?

@braginini
Contributor

hey @support-tt

Access control is bound to user machines (NetBird agents that run on the machines to be precise).
We plan to limit what a user role can see in the /peers tab of the UI dashboard. You described it well - everything that user machines can connect to is visible to a user in the UI.

What we plan is simple - we will only display the machines that the user owns in the /peers tab. Additionally, we will show the names and IPs of those peers that the user's machines can connect to in the detailed view of every user machine.

Does this make sense? What is your ideal access control? Let me know

Best,
Misha
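
The difference between the current and the planned dashboard behaviour described in this reply, as an added example that is not part of the thread and not NetBird's code. The `Peer` type, the `reach` map, the user names and all sample data are constructed assumptions; in a real deployment reachability would come from the access rules between peers.

```go
package main

import "fmt"

// Peer is a hypothetical, simplified machine record (not NetBird's schema).
type Peer struct{ IP, Owner string }

// Constructed sample data: alice registered two machines, bob one, carol none.
var peers = map[string]Peer{
	"tablet-1": {"100.64.0.1", "alice"}, "laptop-a": {"100.64.0.2", "alice"},
	"laptop-b": {"100.64.0.3", "bob"}, "db": {"100.64.0.10", "admin"},
	"files": {"100.64.0.11", "admin"},
}

// reach maps a machine to the peers its access rules let it connect to.
var reach = map[string][]string{
	"tablet-1": {"files"}, "laptop-a": {"db", "files"}, "laptop-b": {"files"},
}

// CurrentView is the set of peers a user sees today: every machine they
// registered plus everything those machines can connect to.
func CurrentView(user string) map[string]bool {
	seen := map[string]bool{}
	for name, p := range peers {
		if p.Owner == user {
			seen[name] = true
			for _, r := range reach[name] {
				seen[r] = true
			}
		}
	}
	return seen
}

// PlannedView lists only the machines the user owns; each entry carries the
// "name (IP)" of the peers that machine can reach, for the detail view.
func PlannedView(user string) map[string][]string {
	out := map[string][]string{}
	for name, p := range peers {
		if p.Owner == user {
			out[name] = []string{}
			for _, r := range reach[name] {
				out[name] = append(out[name], r+" ("+peers[r].IP+")")
			}
		}
	}
	return out
}

func main() {
	fmt.Println(CurrentView("alice"), PlannedView("alice"), CurrentView("carol"))
}
```

In both views the result depends only on which machines a user registered, so a user with no registered machine (carol here) has an empty view either way.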

@support-tt
Author

hey @braginini

Thanks for the fast response. Yes, I think I get it now. It would be great if an admin could remove a user from a machine.
For example, we got some tablets and a user registered them. Now other people want to use them, so I need to completely remove them from netbird and reregister them so that they are not mapped to that user anymore.

So managing who owns which client in the UI would be great. I know I can change this in the store.json but that's not very comfortable and I already crashed my config twice by doing something wrong. (got a backup so was not a big problem)

@braginini
Contributor

@support-tt
I will take it to the team and discuss changing ownership of the machine. Thank you!

@support-tt
Author

@braginini
Yes, that would be great. At least that you can see in the UI which peer is owned by which user. In larger environments it will otherwise become confusing in the long run.

Thank you for your input and fast response.
