Multi-tenancy / more granular user controls?

Post your feature requests here
Post Reply
JAz
Posts: 43
Joined: Thu Apr 26, 2018 11:06 pm

Tue May 29, 2018 11:38 pm

So I'm thinking about Unimus as something we might be able to package for some of our clients where we manage all the IT (not just router/network). In this instance I would grant a login to the server but looking to limit things more than the read-only role.

The Tagging works well to restrict devices to users (setting it up could be a little more intuitive if you care for that feedback) but some things that are 'inappropriate' are still viewable/accessible. Is there any plan to refine the permissions further or otherwise target Unimus to an MSP/Multi-tenancy?
  • Allow user to see dates of backups on a device (as now) but no access to the buttons for view, diff, download, etc. (iow no way to view/access the contents of the backups)
  • Restrict config search
  • Restrict clicking credentials, Notifications, User Management or Other Settings tabs
Might be a few other details but that's the gist.

Thanks,
User avatar
Tomas
Posts: 1206
Joined: Sat Jun 25, 2016 12:33 pm

Wed May 30, 2018 10:22 am

JAz wrote:
Tue May 29, 2018 11:38 pm
The Tagging works well to restrict devices to users (setting it up could be a little more intuitive if you care for that feedback)
Feedback would be much appreciated.
JAz wrote:
Tue May 29, 2018 11:38 pm
Is there any plan to refine the permissions further or otherwise target Unimus to an MSP/Multi-tenancy?
When we were originally designing the access role features, we had a big discussion about this.

We talked about doing a very fine-grained permissions system, where you could yourself define new access roles, and exact privileges for each role.

For the initial implementation, we decided to go with the easy to use, and easy to implement system you see now.

Going into the future, we still want to do a fine-grained permissions system (where you could achieve what you are mentioning in your post), but we don't currently have an ETA for this.
JAz
Posts: 43
Joined: Thu Apr 26, 2018 11:06 pm

Wed May 30, 2018 6:35 pm

Tomas wrote:
Wed May 30, 2018 10:22 am
JAz wrote:
Tue May 29, 2018 11:38 pm
The Tagging works well to restrict devices to users (setting it up could be a little more intuitive if you care for that feedback)
Feedback would be much appreciated.
Ok. Will take me a bit to mock it up and flesh it out. The basic gist is it's a bit clunky atm. Too many clicks etc. Especially if/when would be small groups w/ a lot of users. I'll add it to my weekend list of "homework" lol.
JAz wrote:
Tue May 29, 2018 11:38 pm
Is there any plan to refine the permissions further or otherwise target Unimus to an MSP/Multi-tenancy?
When we were originally designing the access role features, we had a big discussion about this.

We talked about doing a very fine-grained permissions system, where you could yourself define new access roles, and exact privileges for each role.

For the initial implementation, we decided to go with the easy to use, and easy to implement system you see now.

Going into the future, we still want to do a fine-grained permissions system (where you could achieve what you are mentioning in your post), but we don't currently have an ETA for this.
That's good that you considered it and I'm glad you want to include it at some point.

I feel Unimus would be more useful as a selling point for us if we had the ability to let eu's "see" their backups in "real-time"

But we would not want them to have access to view or dl any data from the configs (which we do not want them to be able to replicate and also may contain info we don't want shared) nor do they need access to such a rich interface. A simple UI with few tabs (here's your backups and when they ran, here's the schedule they're running on, see you later buh bye!) is really all they need.

For reference these are "smaller" indiv eu networks with a gateway router (usually 'tik maybe ERL) one or two inside switches ('tik or cisco) and some wifi (unifuck, unleashed or ZD) so basically anywhere from say 3 or 4 to 8-10 devices each.
In this case simple works best.

So questions:
Is it difficult to implement? Would you be open to doing some kind of partial implementation (or maybe a separate, read-only and limited UI if that's easier than granularizing each feature)? Is there any way good way I can gather feedback on other users' use/want for it?

Just trying to gauge what it would take to get done or maybe how we can spur it along if we have to. :mrgreen:
Post Reply