This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] Idea: magic mntner for all LIR contacts
Cynthia Revström
me at cynthia.re
Mon Jan 7 11:27:34 CET 2019
Hi Denis,

I think the current main suggestion is to add a new DB auth scheme, such as "auth: SSO-LIR no.foobar" that includes all the SSO accounts linked to the LIR except for Billing accounts.

Kind regards,
Cynthia Revström

On 2019-01-07 11:20, denis walker via db-wg wrote:
> Hi Tore
>
> Just to clarify a point here. Are you suggesting that for all LIRs,
> all listed LIR (non-billing) administrators should be able to manage
> all the LIR's database objects that will all be maintained by this one
> 'magic' MNTNER object as "mnt-by:", "mnt-lower:", "mnt-routes"?
>
> If any of the 'all' in that statement don't apply then can we be
> clearer on the use case for this MNTNER object?
>
> cheers
> denis
> co-chair DB-WG
>
>
> ------------------------------------------------------------------------
> *From:* Tore Anderson via db-wg <db-wg at ripe.net>
> *To:* Piotr Strzyzewski <Piotr.Strzyzewski at polsl.pl>
> *Cc:* db-wg-chairs at ripe.net; Aleksi Suhonen <Aleksi.Suhonen at axu.tm>;
> db-wg at ripe.net
> *Sent:* Monday, 7 January 2019, 10:25
> *Subject:* Re: [db-wg] Idea: magic mntner for all LIR contacts
>
> * Piotr Strzyzewski via db-wg
>
> > Look at this page
> > https://www.ripe.net/manage-ips-and-asns/db/numbered-work-items
> > and start new NWI.
>
> Thanks for the pointer!
>
> Chairs (cc-ed), could we have an NWI for this?
>
> Rough problem statement for the kickstart phase follows:
>
> There is currently no way to automatically sync the «auth: SSO x at y»
> attributes for a maintainer object with the list of (non-billing) users
> associated with an LIR.
>
> This leads to duplication of work (adding/removing newly hired/departed
> LIR administrators in two places).
>
> Additionally, this increases the risk of unauthorised access, e.g., if an
> administrator has left an LIR but was only removed from the LIR portal,
> he might inappropriately retain access to manage database objects for the
> LIR in question.
>
> It is therefore desirable to have a method to protect RIPE database
> objects so that they can be maintained by the list of (non-billing)
> user accounts currently associated with a specific LIR at any given
> time. That is, when a RIPE NCC Access account is removed from the LIR's
> user list, the database maintainer access should be automatically
> revoked for that account as well.
>
>
> Tore
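
An audit for the drift described in the quoted problem statement, as an added example that is not part of the original thread: it lists SSO accounts that still sit in a maintainer after leaving the LIR's user list, and LIR users never added to it. The maintainer object, addresses and role labels are constructed sample data, and the function names are hypothetical.

```python
"""Audit drift between a mntner's "auth: SSO" attributes and an LIR's user list."""

# Constructed sample data: the maintainer name, addresses and role labels
# below are hypothetical and only illustrate the comparison.
SAMPLE_MNTNER = """\
mntner:         EXAMPLE-MNT
admin-c:        EX1-RIPE
auth:           SSO alice@example.net
auth:           SSO Bob@Example.net   # joined 2017
auth:           SSO carol@example.net
auth:           MD5-PW $1$constructed$placeholder
mnt-by:         EXAMPLE-MNT
source:         RIPE
"""

SAMPLE_LIR_USERS = [
    ("alice@example.net", "admin"),
    ("bob@example.net", "admin"),
    ("dave@example.net", "admin"),
    ("erin@example.net", "billing"),  # billing users get no database access
]


def sso_accounts(rpsl_text):
    """Return the lower-cased accounts named in "auth: SSO ..." attributes."""
    accounts = set()
    for line in rpsl_text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or key.strip().lower() != "auth":
            continue
        tokens = value.split("#", 1)[0].split()  # drop end-of-line comment
        if len(tokens) == 2 and tokens[0].upper() == "SSO":
            accounts.add(tokens[1].lower())
    return accounts


def audit(rpsl_text, lir_users):
    """Compare maintainer SSO accounts with the LIR's non-billing users."""
    expected = {email.lower() for email, role in lir_users if role != "billing"}
    present = sso_accounts(rpsl_text)
    return {
        "stale": sorted(present - expected),    # still in mntner, gone from LIR
        "missing": sorted(expected - present),  # in LIR, never added to mntner
    }


if __name__ == "__main__":
    for kind, accounts in audit(SAMPLE_MNTNER, SAMPLE_LIR_USERS).items():
        print(kind, accounts)
```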