[asterisk-gui] Opinion, what do you want in the gui for users?

Steven Sokol ssokol at sokol-associates.com
Fri Apr 13 13:58:16 MST 2007


On 4/13/07, Alvaro Oliver <alvaro.oliver at gmail.com> wrote:
> How about setting profiles?
> An admin account may have access to every single tab in the GUI, while a
> user account can just access some selected (by http.conf?) tabs.

Unfortunately, it's more complex than that.  If you grant a user the
ability to connect with Asterisk over the Manager API, you can set
various permissions in their profile in manager.conf.  The problem is
that if you give someone access to configuration (i.e. enable the
'config' option) you are giving them blanket access to the PBX's
configuration files -- including other users' passwords, the passwords
for your various ITSP accounts, etc.

We need to be able to grant a user read/write access on a
conf-file-by-conf-file basis.   It may also be better to move
the user configuration information out of a flat file and into the
AstDB -- upgraded to use SQLite3.  That way we could define security
tables that in turn define what permissions each user has on each
other table.

This, by the way, is ANOTHER reason why it's imperative that
getconfig/writeconfig NOT embed #includes when processing files.  If
we give somebody permission to read users.conf but not passwords.conf,
but users.conf #includes passwords.conf, then the security is
violated.

Thanks,

-S
-- 
Steven Sokol
CEO
Sokol & Associates, Inc.

Asterisk Training:  http://www.sokol-associates.com/
AstriCon 2007: http://www.astricon.net/
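
The #include problem described in the message above, as an added example that is not part of the original post and is not Asterisk code. The ACL table, function names and file contents are constructed for illustration; only the file names users.conf and passwords.conf come from the message.

```python
import re

# Constructed sample config files held in memory (not real Asterisk data).
FILES = {
    "users.conf": "[6001]\nfullname = Alice\n#include passwords.conf\n",
    "passwords.conf": "[6001]\nsecret = constructed-secret\n",
}
# Hypothetical per-file ACL: user -> {filename: set of modes}.
ACL = {"alice": {"users.conf": {"r"}}}

INCLUDE = re.compile(r'^\s*#include\s+"?([^"\s]+)"?\s*$')


def allowed(user, filename, mode="r"):
    """True if the ACL grants `mode` on exactly this file."""
    return mode in ACL.get(user, {}).get(filename, set())


def _expand(filename, stack=()):
    """Inline every #include recursively, skipping include loops."""
    if filename in stack:
        return ""
    out = []
    for line in FILES.get(filename, "").splitlines():
        m = INCLUDE.match(line)
        out.append(_expand(m.group(1), stack + (filename,)) if m else line)
    return "\n".join(out)


def read_expanding(user, filename):
    """Flawed: the ACL is checked on the requested file only, then
    included files are embedded in the result without their own check."""
    if not allowed(user, filename):
        raise PermissionError(filename)
    return _expand(filename)


def read_literal(user, filename):
    """Returns the file as stored. #include lines stay as plain text, so an
    included file must be requested, and authorized, as a separate read."""
    if not allowed(user, filename):
        raise PermissionError(filename)
    return FILES[filename]


if __name__ == "__main__":
    print("secret" in read_expanding("alice", "users.conf"))  # leaked
    print("secret" in read_literal("alice", "users.conf"))    # not leaked
```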

