Re: Access to RIPE-TT data from third parties
- To: ttm@ripe.net
- Subject: Re: Access to RIPE-TT data from third parties
- From: Ana Susanj <ana@ripe.net>
- Date: Sat, 13 Jan 2001 21:18:36 +0100
- In-Reply-To: <20010111164458.B26451@ripe.net>; from ana@ripe.net on Thu, Jan 11, 2001 at 04:44:58PM +0100
- References: <4.3.2.7.2.20010111145529.00dff460@localhost.ripe.net> <Pine.BSI.4.05L.10012221354140.17664-100000@x49.ripe.net> <20001221224949.A8947@ripe.net> <Pine.BSI.4.05L.10012221354140.17664-100000@x49.ripe.net> <20010111134053.A23857@ripe.net> <4.3.2.7.2.20010111145529.00dff460@localhost.ripe.net> <20010111151836.A26451@ripe.net> <4.3.2.7.2.20010111161924.00e02430@localhost.ripe.net> <20010111164458.B26451@ripe.net>
- User-Agent: Mutt/1.2.5i
Evening,
(ah, things I do on a Saturday night ;)
Advice needed:
There are two requirements that, as far as I can see, should not
go together, otherwise what's the point of having passwords (?)
req 1:
Each admin should be able to change the password of another
admin that belongs to the same group.
Examples:
(a) if both Dog and Cat are admins of tt01, then Dog can
change Cat's password and vice versa;
(b) if Dog is an admin of tt01 and Bird is an admin of tt02,
then Dog can't change Bird's password unless Bird can also view
data for tt01.
req 2:
Each admin should have the option to add an already existing
user to their tt group.
Examples:
(a) if Dog is an admin of tt01 and Bird is an admin of tt02
and if Dog wants Bird to be able to view data for tt01 then
Dog needs to add Bird to tt01 group. Once Bird is in group tt01
then Dog is also its admin and can then change Bird's password,
thus gaining control over tt02.
Now, while we can hope that none of the users will have any need
to abuse the system, I'd still like to do this 'properly'. One
solution is to not allow one user to change another user's password,
unless it's a RIPE NCC user who's doing the changing.
ana.
* Ana Susanj (ana@ripe.net) [010111 16:44]:
> > Maybe there should be an option to see all users in the modify screen,
> > or all users that are not admined by the current one.
>
> This is the current structure:
>
> isp1: admin1, user1, user2, user3
> isp2: admin2, user4, user5
>
> and so on. Even with 50 TT boxes, this would give a list of at least
> 50 usernames, more if any of those have accounts for their customers
> as well. A big list :)
>
> Maybe, before updating the groups for a user, I could check if a user
> would be left without any groups and then warn the admin and offer to
> just completely delete the user instead? If they don't want them in any
> of their groups, and if they're not in any other groups, then I don't
> see the point of keeping the username. They can easily create it next
> time?
>
>
> ana.
--
~
~ Oh hello, Mr. Soul, I dropped by to pick up a reason;
~ NY
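
The conflict between req 1 and req 2 in the message above, as a small Python model. This is an added example, not code from the thread or from the RIPE TT system; the class and function names, the `ncc_staff` set and the `restrict_to_ncc` switch (standing for the solution proposed in the message) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Acl:
    members: dict = field(default_factory=dict)  # tt group -> set of usernames
    admins: dict = field(default_factory=dict)   # tt group -> set of admin usernames
    ncc_staff: set = field(default_factory=set)  # RIPE NCC users (assumed flag)
    restrict_to_ncc: bool = False                # the solution proposed in the message

    def add_existing_user(self, actor, user, group):
        """req 2: an admin may add an already existing user to their tt group."""
        if actor not in self.admins.get(group, set()):
            raise PermissionError(f"{actor} is not an admin of {group}")
        self.members.setdefault(group, set()).add(user)

    def can_change_password(self, actor, target):
        """req 1: an admin may change the password of users in their group."""
        if actor == target or actor in self.ncc_staff:
            return True
        if self.restrict_to_ncc:
            return False
        return any(actor in self.admins.get(g, set()) and target in users
                   for g, users in self.members.items())

    def groups_controlled(self, actor):
        """Groups reachable by actor, following password resets transitively."""
        seen, todo = set(), [actor]
        while todo:
            user = todo.pop()
            if user in seen:
                continue
            seen.add(user)
            todo += [t for users in self.members.values() for t in users
                     if t not in seen and self.can_change_password(user, t)]
        return {g for g, users in self.members.items() if seen & users}

def build(restrict_to_ncc=False):
    """Constructed starting state: Dog administers tt01, Bird administers tt02."""
    return Acl(members={"tt01": {"Dog"}, "tt02": {"Bird"}},
               admins={"tt01": {"Dog"}, "tt02": {"Bird"}},
               restrict_to_ncc=restrict_to_ncc)

if __name__ == "__main__":
    for fix in (False, True):
        acl = build(fix)
        acl.add_existing_user("Dog", "Bird", "tt01")  # req 2 example (a)
        print(fix, acl.can_change_password("Dog", "Bird"),
              sorted(acl.groups_controlled("Dog")))
```

With the switch off, adding Bird to tt01 extends Dog's reach to tt02; with it on, Bird can still view tt01 but Dog's reach stays at tt01.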