-
Notifications
You must be signed in to change notification settings - Fork 25
tac_plus‐ng: tags
Marc Huber edited this page Sep 28, 2024
·
4 revisions
Tags are recognized for both hosts and users. You can may use tags in scripts, and comparing host and user tags is straightforward:
device demohost { tag = a,d,f }
user demouser { tag = a,b,c member = readonly }
ruleset {
rule { if (device.tag == user.tag) { if (group == readonly) profile = readonly permit }
}
Dynamic hosts, dynamic users and their associated tags can be set via a suitable MAVIS backend, so this comes quite close to database support, especially as profile definitions in user context are now supported.