Roadmap reflections
Posted: Wed Sep 25, 2024 12:06 am
Hi,
Jus saw that 2.5.1 is out - nice job
I found myself skimming through the Unimus roadmap, where I hoped to find some info on the since long mentioned enhanced RBAC model. Found nothing, but I did notice an upcoming feature "Device CLI" directly in Unimus.
I fear that Unimus is becoming something more than we, as an MSP, need. Even with read-only access, users can still run things like pre-defined config push templates, which could be an issue depending on what the template does. With a feature like "Device CLI" I fear that users that only need the product of what Unimus retrieves, i.e the device backup, might be able to gain access to more than they should. For some devices the actual Unimus user has way more permissions than I would like, due to limitations in the device permission model itself. If a simple user can gain RW CLI access to the running devices we will have to instantly replace Unimus with something else. The legal demands that are placed on us just don't give room for these kind of backdoors. As a minimum, such a feature should force the user to use personal credentials to access the device, and not the credential Unimus use to backup the device.
We have many low-level Unimus users that only need to get the latest backup, for example when replacing a faulty unit. Sure, I could create something that allows them to extract that, and only that, via the API but that is more work, and also something we need to maintain ourself. The Unimus GUI is already there and it is fairly easy to use without training. With a good RBAC system in place we can limit users to only what
they actually need. Both in terms of which devices they can extract configurations from, and which Unimus features they can use.
So please, give us a better way to control what the users can do!
Sorry for the lenghty post, and I hope my fear is unfounded.
Kind Regards,
//Dan
Jus saw that 2.5.1 is out - nice job
I found myself skimming through the Unimus roadmap, where I hoped to find some info on the since long mentioned enhanced RBAC model. Found nothing, but I did notice an upcoming feature "Device CLI" directly in Unimus.
I fear that Unimus is becoming something more than we, as an MSP, need. Even with read-only access, users can still run things like pre-defined config push templates, which could be an issue depending on what the template does. With a feature like "Device CLI" I fear that users that only need the product of what Unimus retrieves, i.e the device backup, might be able to gain access to more than they should. For some devices the actual Unimus user has way more permissions than I would like, due to limitations in the device permission model itself. If a simple user can gain RW CLI access to the running devices we will have to instantly replace Unimus with something else. The legal demands that are placed on us just don't give room for these kind of backdoors. As a minimum, such a feature should force the user to use personal credentials to access the device, and not the credential Unimus use to backup the device.
We have many low-level Unimus users that only need to get the latest backup, for example when replacing a faulty unit. Sure, I could create something that allows them to extract that, and only that, via the API but that is more work, and also something we need to maintain ourself. The Unimus GUI is already there and it is fairly easy to use without training. With a good RBAC system in place we can limit users to only what
they actually need. Both in terms of which devices they can extract configurations from, and which Unimus features they can use.
So please, give us a better way to control what the users can do!
Sorry for the lenghty post, and I hope my fear is unfounded.
Kind Regards,
//Dan