User Permissions #53
Replies: 4 comments 4 replies
-
|
Great question! For example, within the default project create the instances that UserB can access. Then create a new project, ProjectA. Within ProjectA create the instances that you want UserA to access only. Defining which user can access which project comes from adding restrictions to trusted client certificates within the LXD Server. Each user that adds a remote from the CLI (lxc remote add ...) will have a certificate on the LXD Server. You can edit the certificate information to restrict the certificate and list the allowed projects. So for UserB, restrict their certificate to only the default project. You can use the CLI (lxc conf trust edit ...) or using the dashboard to edit that certificate. For example, in the dashboard the certificate config would look like: { This would allow UserA to have no restrictions for projects, accessing instances on both the default project and ProjectA, and then UserB would only be able to access instances associated with the default project. Helpful links: Ok so now to limitations of this dashboard. Each deployment of the dashboard uses a single certificate to connect to remote LXD servers, similar to how each user of the CLI connects to remote hosts. This means that you would need to deploy two dashboards. One that does not have the project restrictions, and another that does. UserB would login to the dashboard with the project restrictions. |
Beta Was this translation helpful? Give feedback.
-
|
Okay this would be a workaround.
Admin accounts must see everything. This is what I looked for :) |
Beta Was this translation helpful? Give feedback.
-
|
I am in the process of rewriting the backend from php to python. I will definitely test and consider options to allow this type of granular control. |
Beta Was this translation helpful? Give feedback.
-
|
That would be awesome 😸 |
Beta Was this translation helpful? Give feedback.
-
|
Can we assist in the porting to Python Mathew?
We can perhaps test and provide you with resources to help in the
development.
Den fre 23 dec. 2022 22:17Marcel ***@***.***> skrev:
… That would be awesome 😸
—
Reply to this email directly, view it on GitHub
<#53 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGPVK6AUIZS3V2SF5IRJQDWOYJFLANCNFSM6AAAAAAS6CQJAY>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***
com>
|
Beta Was this translation helpful? Give feedback.
-
|
Erik, Yes, I will make the code available when I get it to an Alpha release and then will be looking for people to test it. I am targeting that to be around the end of March time frame. Thanks, |
Beta Was this translation helpful? Give feedback.
-
|
I have the python port of the dashboard ready for testing. I called it lxconsole and is available on GitHub here: https://github.com/PenningLabs/lxconsole |
Beta Was this translation helpful? Give feedback.
-
|
Wow!
I will definetly try it out!
Also, can we participate in the development it would be great as well.
/Erik
Den fre 5 maj 2023 04:34Matthew Penning ***@***.***> skrev:
… I have the python port of the dashboard ready for testing. I called it
lxconsole and is available on GitHub here:
https://github.com/PenningLabs/lxconsole
I have included a file called roadmap.txt that defines a roadmap of
development that I plan to add before the stable release.
—
Reply to this email directly, view it on GitHub
<#53 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGPVK6DZNXMLQUSM3FV7YLXERRKZANCNFSM6AAAAAAS6CQJAY>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
I am new to lxd and i like the dashboard, great work it makes many things easier :)
It comes with multi user support and i have a question about it.
Where can i set permissions for users or groups? I did not find it.
I want to limit access for some containers to users or groups.
At the moment every user may start / stop containers or connect to them.
Example:
I have 3 containers and user A shall use all of them, but user B shall only use container 2.
How can i solve this?
I did not find any documentary :(
Beta Was this translation helpful? Give feedback.
All reactions