This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] NWI-8 LIR´s SSO Authentication Groups
- Previous message (by thread): [db-wg] NWI-8 LIR´s SSO Authentication Groups
- Next message (by thread): [db-wg] NWI-9 In-band notification mechanism? ???
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hank Nussbacher
hank at efes.iucc.ac.il
Mon Apr 15 16:05:47 CEST 2019
On 15/04/2019 13:31, ripedenis--- via db-wg wrote: I have recently encountered issues in this area as well. I would like to see the standard "non-billing" users to not only be allowed for the main resources but also for all sub-groups that appear under the LIR. Currently, a user added as a regular LIR user does *not *have access to all RIPE NCC services: Currently in the LIR there are 3 level of users: - Admin - The Administrator will have full access to RIPE NCC services plus the right to manage other LIR contacts o Regular - The Operator will have full access to RIPE NCC services o Billing - The Billing user will have access to RIPE NCC billing information only Only by adding that user as SSO under the mnt-ner will the user have access to all LIR sub-groups. Also, now that RPKI is picking up steam, I would like to see an additional level of user known as RPKI - which means the user can have access to all RIPE NCC RPKI services, including creating ROAs and anything else related to RPKI. Regards, Hank > Colleagues > > I think we have now agreed on these problem and solution definitions: > > Problem Definition > > LIRs would like a mechanism to easily add/remove users to centralised > SSO authentication groups for maintaining objects in the RIPE Database. > > > Solution Definition > > Stage 1 > > -Non billing Users listed in an LIR´s portal account will be contained > in a default authentication group > > -Non billing users added or removed through the portal UI will be > automatically adjusted in this group > > -This authentication group can be referenced in MNTNER objects by a > new authentication method > > -These authentication groups for LIRs will be stored in a way that > updates to the RIPE Database is not dependent on the availability of > the portal service > > > Stage 2 > > -Non billing Users listed in an LIR´s portal account can be added to > and removed from user defined SSO authentication groups > > -Each User can be a member of any number of named groups > > -The authentication groups can be configured using the portal UI > > -These groups can be referenced in MNTNER objects by the new > authentication method > > > The chairs will now ask the RIPE NCC to work from these definitions in > preparing their implementation plan. > > cheers > denis > > co-chair DB-WG > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/db-wg/attachments/20190415/8032af47/attachment.html>
- Previous message (by thread): [db-wg] NWI-8 LIR´s SSO Authentication Groups
- Next message (by thread): [db-wg] NWI-9 In-band notification mechanism? ???
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]