I want to grant permissions for different groups to different hosts that are in one target, how to do it? I’ve reached the point where I can grant access to the target, but I can see all the hosts in it and I want one or two.
my grants in rolerole:
id=ttcp_iBOt8BaYEx;actions=authorize-session
id= * ; type= * ; actions=read,list
if i use:
id=ttcp_iBOt8BaYEx;actions=authorize-session
id=hst_bWRgMmRp1C;type=*; actions=read,list
not working
Regards,
AN
Hi,
I updated boundary to version 0.15.4 and the problem is the same.
The following setting shows the targets in the client along with the list to which I can connect and is ok:
ids=ttcp_iBOt8BaYEx,ttcp_mu5EYz03wd;actions=authorize-session
ids=;type=host;actions=read
ids=;type=target;actions=read
This setting does not show a list of hosts but links to a random host included in the target:
ids=ttcp_iBOt8BaYEx,ttcp_mu5EYz03wd;actions=authorize-session
ids=hst_OU86qiUIhs;actions=read
In my opinion, it should only connect to the host with the given id. If I did something wrong, please tell me how to do it correctly.
When you are setting permissions on the hosts, you are setting permissions on the actual host resources. Targets do not use permissions on hosts when connecting; the set of hosts they can connect to is codified in the target itself. You can pick a particular host at connect time, or you can scope the set of hosts on a target to something smaller (or use the address field directly).
Ok, I understand. Thanks for your reply.