[db-wg] NWI-8 LIR´s SSO Authentication Groups
- Previous message (by thread): [db-wg] NWI-8 LIR´s SSO Authentication Groups
- Next message (by thread): [db-wg] NWI-9 In-band notification mechanism? ???
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hank Nussbacher
hank at efes.iucc.ac.il
Mon Apr 15 16:05:47 CEST 2019
On 15/04/2019 13:31, ripedenis--- via db-wg wrote: I have recently encountered issues in this area as well. I would like to see the standard "non-billing" users to not only be allowed for the main resources but also for all sub-groups that appear under the LIR. Currently, a user added as a regular LIR user does *not *have access to all RIPE NCC services: Currently in the LIR there are 3 level of users: - Admin - The Administrator will have full access to RIPE NCC services plus the right to manage other LIR contacts o Regular - The Operator will have full access to RIPE NCC services o Billing - The Billing user will have access to RIPE NCC billing information only Only by adding that user as SSO under the mnt-ner will the user have access to all LIR sub-groups. Also, now that RPKI is picking up steam, I would like to see an additional level of user known as RPKI - which means the user can have access to all RIPE NCC RPKI services, including creating ROAs and anything else related to RPKI. Regards, Hank > Colleagues > > I think we have now agreed on these problem and solution definitions: > > Problem Definition > > LIRs would like a mechanism to easily add/remove users to centralised > SSO authentication groups for maintaining objects in the RIPE Database. > > > Solution Definition > > Stage 1 > > -Non billing Users listed in an LIR´s portal account will be contained > in a default authentication group > > -Non billing users added or removed through the portal UI will be > automatically adjusted in this group > > -This authentication group can be referenced in MNTNER objects by a > new authentication method > > -These authentication groups for LIRs will be stored in a way that > updates to the RIPE Database is not dependent on the availability of > the portal service > > > Stage 2 > > -Non billing Users listed in an LIR´s portal account can be added to > and removed from user defined SSO authentication groups > > -Each User can be a member of any number of named groups > > -The authentication groups can be configured using the portal UI > > -These groups can be referenced in MNTNER objects by the new > authentication method > > > The chairs will now ask the RIPE NCC to work from these definitions in > preparing their implementation plan. > > cheers > denis > > co-chair DB-WG > -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.ripe.net/ripe/mail/archives/db-wg/attachments/20190415/8032af47/attachment.html>
- Previous message (by thread): [db-wg] NWI-8 LIR´s SSO Authentication Groups
- Next message (by thread): [db-wg] NWI-9 In-band notification mechanism? ???
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]