netbirdio / dashboard

NetBird Management Service Web UI Panel

Home Page:https://app.netbird.io


group and access control is very weird

support-tt opened this issue

Hello,
I tested the netbird management UI with 3 users.

  1. User has full admin and registered 5 peers
  2. User rights with 1 peer
  3. User rights with 1 peer

When I log in as a user, I see all peers that my registered peer can see.
So the admin can only limit my access by limiting the peer I registered. When a user never registered a peer, the access can't be controlled, and when a user has registered like 10 peers, then he can see everything that the peers can see. The admin can't remove access to the peers that the user registered.

So in my opinion there is no clear access control, or did I miss something?

hey @support-tt

Access control is bound to user machines (NetBird agents that run on the machines to be precise).
We plan to limit what a user role can see in the /peers tab of the UI dashboard. You described it well - everything that user machines can connect to is visible to a user in the UI.

What we plan is simple - we will only display the machines that the user owns in the /peers tab. Additionally, we will show the names and IPs of those peers that the user's machines can connect to in the detailed view of every user machine.

Does this make sense? What is your ideal access control? Let me know.

Best,
Misha

hey @braginini

Thanks for the fast response. Yes, I think I get it now. It would be great if an admin could remove a user from a machine.
For example, we got some tablets and a user registered them. Now other people want to use them, so I need to completely remove them from netbird and re-register them so that they are not mapped to that user anymore.

So managing who owns which client in the UI would be great. I know I can change this in the store.json, but that's not very comfortable and I already crashed my config twice by doing something wrong. (I got a backup, so it was not a big problem.)

@support-tt
I will take it to the team and discuss changing ownership of the machine. Thank you!

@braginini
Yes, that would be great. At least that you can see in the UI which peer is owned by which user. In larger environments it will otherwise become confusing in the long run.

Thank you for your input and fast response.