When implementing namespaces support for the nethsm library I ran across a few inconsistencies that I would like to document here.
Users for a namespace and the namespace itself are created using a system-wide user in the administrator role (R-Administrator):
one or more users in the administrator role are created with a namespace prefix (e.g. namespace1~admin1)
optionally, further users (also in other roles) for that namespace are created
the namespace (e.g. namespace1) is created
Afterwards only the namespace administrator (N-Administrator) is able to create further users and keys.
Users in the metrics and backup role can also be created for a namespace (either up front by the R-Administrator or after namespace creation by the N-Administrator).
After private discussion with @ansiwen it appears as if functionality accessible to users in the backup and metrics role is not meant to be available in namespaces though.
When testing I noticed that the namespace users in the backup role can indeed not be used to retrieve backups.
However, namespace users in the metrics role can be used to retrieve metrics.
For documentation (and implementation) purposes it would be great to figure out whether namespace users in the metrics role should be able to retrieve metrics.
In general I wonder whether it wouldn't be best to guard against the creation of users in the metrics and backup role in/for namespaces altogether.
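Added example, not part of the original issue and not code from NetHSM or the nethsm library: a client-side model of the creation rules described above together with the proposed guard that refuses metrics and backup users in namespaces. The names `Role`, `Denied`, `split_user_id` and `check_create_user` are hypothetical, the Operator role is assumed from "other roles", and the rule that an N-Administrator only acts once the namespace exists follows the wording of this issue.

```rust
use std::collections::HashSet;

#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Role { Administrator, Operator, Metrics, Backup }

#[derive(Debug, PartialEq)]
pub enum Denied { BadUserId, SystemWideRoleInNamespace, NotPermitted }

/// Split "namespace1~admin1" into (Some("namespace1"), "admin1").
/// A system-wide user ID carries no '~' prefix and yields (None, id).
pub fn split_user_id(id: &str) -> Result<(Option<&str>, &str), Denied> {
    match id.split_once('~') {
        None if !id.is_empty() => Ok((None, id)),
        Some((ns, name)) if !ns.is_empty() && !name.is_empty() && !name.contains('~') => {
            Ok((Some(ns), name))
        }
        _ => Err(Denied::BadUserId),
    }
}

/// Decide whether `creator` may create `new_id` with `new_role`.
/// `existing` holds the namespaces that have already been created.
pub fn check_create_user(
    creator: &str, creator_role: Role,
    new_id: &str, new_role: Role,
    existing: &HashSet<&str>,
) -> Result<(), Denied> {
    if creator_role != Role::Administrator {
        return Err(Denied::NotPermitted);
    }
    let (creator_ns, _) = split_user_id(creator)?;
    let (new_ns, _) = split_user_id(new_id)?;
    // Proposed guard: never create metrics or backup users inside a namespace.
    if new_ns.is_some() && matches!(new_role, Role::Metrics | Role::Backup) {
        return Err(Denied::SystemWideRoleInNamespace);
    }
    match (creator_ns, new_ns) {
        (None, None) => Ok(()), // R-Administrator creating a system-wide user
        (None, Some(ns)) if !existing.contains(ns) => Ok(()), // up front, before the namespace exists
        (Some(c), Some(n)) if c == n && existing.contains(n) => Ok(()), // N-Administrator afterwards
        _ => Err(Denied::NotPermitted),
    }
}

fn main() {
    let existing = HashSet::from(["namespace1"]); // constructed sample state
    let r = check_create_user("namespace1~admin1", Role::Administrator,
                              "namespace1~metrics1", Role::Metrics, &existing);
    println!("{:?}", r);
}
```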