Unimus forum

So I'm thinking about Unimus as something we might be able to package for some of our clients where we manage all the IT (not just router/network). In this instance I would grant a login to the server but looking to limit things more than the read-only role.

The Tagging works well to restrict devices to users (setting it up could be a little more intuitive if you care for that feedback) but some things that are 'inappropriate' are still viewable/accessible. Is there any plan to refine the permissions further or otherwise target Unimus to an MSP/Multi-tenancy?

• Allow user to see dates of backups on a device (as now) but no access to the buttons for view, diff, download, etc. (iow no way to view/access the contents of the backups)
• Restrict config search
• Restrict clicking credentials, Notifications, User Management or Other Settings tabs

Might be a few other details but that's the gist.

Thanks,

JAz wrote: ↑

Tue May 29, 2018 11:38 pm

The Tagging works well to restrict devices to users (setting it up could be a little more intuitive if you care for that feedback)

Feedback would be much appreciated.

JAz wrote: ↑

Tue May 29, 2018 11:38 pm

Is there any plan to refine the permissions further or otherwise target Unimus to an MSP/Multi-tenancy?

When we were originally designing the access role features, we had a big discussion about this.

We talked about doing a very fine-grained permissions system, where you could yourself define new access roles, and exact privileges for each role.

For the initial implementation, we decided to go with the easy to use, and easy to implement system you see now.

Going into the future, we still want to do a fine-grained permissions system (where you could achieve what you are mentioning in your post), but we don't currently have an ETA for this.

Tomas wrote: ↑

Wed May 30, 2018 10:22 am

JAz wrote: ↑

Tue May 29, 2018 11:38 pm

The Tagging works well to restrict devices to users (setting it up could be a little more intuitive if you care for that feedback)

Feedback would be much appreciated.

Ok. Will take me a bit to mock it up and flesh it out. The basic gist is it's a bit clunky atm. Too many clicks etc. Especially if/when would be small groups w/ a lot of users. I'll add it to my weekend list of "homework" lol.

JAz wrote: ↑

Tue May 29, 2018 11:38 pm

Is there any plan to refine the permissions further or otherwise target Unimus to an MSP/Multi-tenancy?

When we were originally designing the access role features, we had a big discussion about this.

We talked about doing a very fine-grained permissions system, where you could yourself define new access roles, and exact privileges for each role.

For the initial implementation, we decided to go with the easy to use, and easy to implement system you see now.

Going into the future, we still want to do a fine-grained permissions system (where you could achieve what you are mentioning in your post), but we don't currently have an ETA for this.

That's good that you considered it and I'm glad you want to include it at some point.

I feel Unimus would be more useful as a selling point for us if we had the ability to let eu's "see" their backups in "real-time"

But we would not want them to have access to view or dl any data from the configs (which we do not want them to be able to replicate and also may contain info we don't want shared) nor do they need access to such a rich interface. A simple UI with few tabs (here's your backups and when they ran, here's the schedule they're running on, see you later buh bye!) is really all they need.

For reference these are "smaller" indiv eu networks with a gateway router (usually 'tik maybe ERL) one or two inside switches ('tik or cisco) and some wifi (unifuck, unleashed or ZD) so basically anywhere from say 3 or 4 to 8-10 devices each.
In this case simple works best.

So questions:
Is it difficult to implement? Would you be open to doing some kind of partial implementation (or maybe a separate, read-only and limited UI if that's easier than granularizing each feature)? Is there any way good way I can gather feedback on other users' use/want for it?

Just trying to gauge what it would take to get done or maybe how we can spur it along if we have to.

hello to all
last reply to this question was in 2018, so I hope Unimus update since that time has brought a lot of new fonctionnalities.

my question is : if we area company with different IP network = 2 different administrative domains .
one IT and one OT per exemple
and we want to keep the seperation of the domain into Unimus

minimum requirement if to display
- like a wndows explorer, I will have 2 directory like
with each equipment below each directory

> is it possible to have this under Unimus ?
and then to have fine tuning for user to ahev different rights per domains

Tags provide some interest but to use only tag to do this is NOT good enough.

thanks in advance

dducamps wrote: ↑

Thu Nov 13, 2025 10:36 am

hello to all
last reply to this question was in 2018, so I hope Unimus update since that time has brought a lot of new fonctionnalities.

my question is : if we area company with different IP network = 2 different administrative domains .
one IT and one OT per exemple
and we want to keep the seperation of the domain into Unimus

minimum requirement if to display
- like a wndows explorer, I will have 2 directory like
with each equipment below each directory

> is it possible to have this under Unimus ?
and then to have fine tuning for user to ahev different rights per domains

Tags provide some interest but to use only tag to do this is NOT good enough.

thanks in advance

Yes, we have had several updates that effect our ability to be a multi-tennant system.
2.5.0 and 2.6.0 both had some significant improvements/features that make Unimus handle multi tennant situations better. That said, we still see some ways in which we want/need to improve and those are in our "to-do" list. (Keep an eye on our Roadmap https://wiki.unimus.net/display/UNPUB/Roadmap)

As for your specific request. I don't think Unimus has the display feature you are looking for, nor are we able to do permissions based on the name/domain of a device. That said, we can separate two sets of devices to only be visible to particular groups and that is entirely doable when you are bringing in a device. If you have a device that belongs to department A, then you could import it into Zone 11 which would automatically tag it correctly. This could even be done automatically if you have a NMS that we have a Sync connector for.

https://wiki.unimus.net/display/UNPUB/NMS+sync (Using Sync rules and previously separated devices) Or if you are using differing NMSes then even better.

https://wiki.unimus.net/display/UNPUB/O ... s+Policies

Depending on how you want to bring devices into your network, the permissions are completely capable.

That said, if you want to reach out to our sales email (https://unimus.net/pricing.html) and we can probably either put together a demo or at least be able to get your input to give to our developers as they work on this.

Side note: If you REALLY want total separation. You can purchase however many licenses you need for your total deployment (say 150) and split those licenses up between multiple license keys which can be applied to individual servers. There's no additional cost to licensing this way and we completely support it.