
Enterprise ACL System

The ACL model is based on the Unix® style:

role/action/group/user (4 items).

The Enterprise ACL system lets you define, per profile, which pages (defined one by one or by “groups”) users can access. This allows you to redefine which sections of the interface a user can see. For example, you can allow a user to view only the Group view and the Detailed agent view, skipping pages such as Alert view or Monitor view, which the classic Pandora FMS ACL system already groups together as AR (Agent Read Privileges).

Superadmin users are exempt from ACL control; other users are bound by the ACL, even if they have the Pandora Administrator profile (Pandora FMS Administrator) assigned.

This functionality allows you to restrict administration page by page. It is very useful for allowing some specific low-level operations.

Both models are parallel and compatible. The classic ACL system is complementary to, and is evaluated before, the Enterprise ACL system.

To use the Enterprise ACL system, first activate it in the configuration tab: go to Management → Setup → Setup → Enterprise, enable Use Enterprise ACL System, and click the Update button.

To configure the Enterprise ACL system, go to Management → Profiles → Enterprise ACL Setup. On this screen you can add new items to the ACL system and see the items defined for each profile. You can also delete items from the Enterprise ACL system.

When the Enterprise ACL system is activated, access for ALL groups (Administrator included) is restricted to the pages defined (allowed) in the Enterprise ACL system. If a user with the Administrator profile has no pages included in the Enterprise ACL system, they will not be able to see anything.

Be careful with this, because you may lose access to the Console if you activate the wrong Enterprise ACL configuration for your user.

If you have lost access to the Console by mistake, you can disable the Enterprise ACL system from the PFMS command line with the disable_acl command.

There are two ways to add pages to a profile: with the wizard (default) or with the custom edition. For this there is a button next to the Add button that toggles between Wizard and Custom.

Wizard

With the wizard you choose the sections and pages from drop-down list controls.

  • The pages that appear in these drop-down lists are only those accessible from the menu. To give access to pages that are reached in other ways (for example, the main agent view) you must use the custom editor.
  • All menu options are displayed, regardless of whether the selected profile has access to them. Adding a menu option to which a profile does not have access will not cause that item to appear in the menu.
  • The default profile in the drop-down list under User profile is always Chief Operator; always change it before adding a permission to another profile.

To include a Pandora FMS page in the “allowed pages”, select the profile to which the rule will be applied, then select in the Section control the section that contains the desired page. You can then select any of its pages in the Section 2 control, and Section 3 works the same way.

Another option is to select a section and the value All in the Section control. This will allow the chosen profile to see “everything” of the chosen section. Also selecting All on both controls will allow users of that profile to see “all” of “all” sections, just as they would without the ACL Enterprise System for that profile.

Moving the pointer over any of the items will display the corresponding delete button.

For a section to be displayed in the menu, the user must have access to at least the first page of the section.

Custom Edition

To add single pages that are not accessible from the menu, you can manually enter the corresponding sec2. To do this, open the page to be added and copy its sec2 parameter (Section 2).

For example, to add the main view of the agents, you enter the view of any agent and you will find a URL similar to this:

http://localhost/pandora/index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=7702

Enter the content of the sec2 parameter (operation/agentes/ver_agente) in the Section 2 text box.

For a “drop” page the user will need the URL; otherwise, permission must be granted to the corresponding menu. In the image of the previous example, the Operator (read) profile was given access to Monitoring (Section), Views (Section 2), Agent detail (Section 3).

Any page that is limited will not be displayed in the menu and cannot be used, even when the user enters the URL manually.

Any page not allowed by the “Classic” ACL system of Pandora FMS will not be allowed by the Enterprise ACL system either (this is valid for the classic ACL system).

In addition, there is a control that checks whether a page belongs to a section, which reinforces security against manual modifications of the URL. This check is skipped for pages added with the custom editor, and for pages in a section to which access has been granted as a whole, which optimizes loading.
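The access rules stated on this page can be written as a small deny-by-default model; this is an added example, not Pandora FMS code. The section map, the `example/...` page names, and the choice to key decisions on `sec2` and to apply the superadmin exemption first are assumptions, and the section-membership check is not modelled.

```python
from urllib.parse import urlparse, parse_qs

ALL = "All"
# Constructed section -> sec2 map (hypothetical page names, not real Console paths).
SECTIONS = {
    "Monitoring": {"example/group_view", "example/alert_view"},
    "Profile": {"example/configure_user"},
}
# Constructed Enterprise ACL entries per profile: (section, page).
# section=None marks a custom-editor entry that holds a bare sec2 value.
EACL = {
    "Operator (read)": [("Monitoring", "example/group_view"),
                        (None, "operation/agentes/ver_agente")],
    "Chief Operator": [("Monitoring", ALL)],
    # "Pandora Administrator" has no entries on purpose.
}
BASE = "http://localhost/pandora/index.php"
AGENT_URL = BASE + "?sec=estado&sec2=operation/agentes/ver_agente&id_agente=7702"

def sec2_of(url):
    """Return the sec2 query parameter of a Console URL, or None if absent."""
    return parse_qs(urlparse(url).query).get("sec2", [None])[0]

def allowed_pages(entries):
    """Expand a profile's entries into the set of sec2 values it may open."""
    pages = set()
    for section, page in entries:
        if section is not None and page == ALL:
            pages |= SECTIONS.get(section, set())   # whole-section grant
        else:
            pages.add(page)                         # single page or custom sec2
    return pages

def can_view(user, url, classic_acl_ok, eacl=EACL):
    """Decide access for user = {'profile': str, 'superadmin': bool}."""
    if user["superadmin"]:
        return True      # superadmin is exempt from ACL control (assumed first)
    if not classic_acl_ok:
        return False     # classic ACL is evaluated first; its denial is final
    entries = eacl.get(user["profile"], [])
    if (ALL, ALL) in entries:
        return True      # All/All: same view as without the Enterprise ACL
    # The user-supplied sec value is ignored; only sec2 is matched.
    return sec2_of(url) in allowed_pages(entries)
```

Because the decision is an allowlist lookup, a profile with no entries (here Pandora Administrator) is denied every page, which is the lock-out case the page warns about.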

You can check the pages allowed for each profile at any time by using Filter by profile and then clicking the Filter button.

In order for users to be able to change their own user data, they must be granted access to Profile | Configure user | All.

  • Last modified: 2024/10/14 07:05
  • by junichi