Nielson, Adam
2008-04-16 22:20:39 UTC
Please see the below email thread.
I am wanting to know if the new 3.1.1 release will fix my issues, and if its easy and relatively risk-free to upgrade a production environment from 3.1.0 to 3.1.1?
Thank you!
- Adam Nielson
-----Original Message-----
From: Petersen, Kirsten J - NET [mailto:Kirsten.Petersen at oregonstate.edu]
Sent: Wednesday, April 02, 2008 4:24 PM
To: Nielson, Adam; maintain at osuosl.org
Subject: RE: [Maintain] Help managing new zone/IP range/etc
So, "zones" in Maintain are meant to be permission boundaries. When a user logs in, they should only be able to select zones that they have been assigned to. They should only be able to create hosts or make other changes within zones they have access to. Within each zone, when assigning a domain name or IP address, they should only be able to select domains or IP ranges assigned to that zone. Also, they should only be able to select workgroups assigned to that domain.
Maintain 3.1.0 had quite a few bugs with respect to permissions.
Since your instance is in production, you probably want to wait for the next release. I think we will be doing another one pretty soon actually.
________________
Kirsten Petersen
Network Services * Oregon State University http://oregonstate.edu/net * irc.oregonstate.edu #osu-is "Paper doesn't grow on trees."
-----Original Message-----
From: Nielson, Adam [mailto:adam.nielson at hp.com]
Sent: Wednesday, April 02, 2008 2:49 PM
To: Petersen, Kirsten J - NET; maintain at osuosl.org
Subject: RE: [Maintain] Help managing new zone/IP range/etc
I am using maintain 3.1.0.
This is a production environment, so am I able to successfully update and upgrade a production environment, or do I have to rebuild it from the ground up?
Also, reading through my madness... Does it make sense what I am wanting to do? Am I missing some fundamental feature of structure of maintain?
It just doesn't appear to be "clicking" for me what separates what.
- Adam
-----Original Message-----
From: Petersen, Kirsten J - NET
[mailto:Kirsten.Petersen at oregonstate.edu]
Sent: Wednesday, April 02, 2008 3:44 PM
To: Nielson, Adam; maintain at osuosl.org
Subject: RE: [Maintain] Help managing new zone/IP range/etc
Adam,
What version of Maintain are you running? We have fixed a *lot* of bugs since the last release, so you probably want to pull from the SVN trunk if you aren't already. I know we have fixed several bugs that sound like the problems you are having.
________________
Kirsten Petersen
Network Services * Oregon State University http://oregonstate.edu/net * irc.oregonstate.edu #osu-is "Paper doesn't grow on trees."
-----Original Message-----
From: maintain-bounces at osuosl.org [mailto:maintain-bounces at osuosl.org]
On Behalf Of Nielson, Adam
Sent: Wednesday, April 02, 2008 2:35 PM
To: maintain at osuosl.org
Subject: [Maintain] Help managing new zone/IP range/etc
Hello.
I have been using maintain for several months now and really enjoying it.
We currently have our entire subnet as one IP range managed under one team of 3 administrators.
We are now wanting to split the IP range into smaller chunks, and have different zones for contract companies to have their own log in, only have access to their zone and their small IP range.
I have created a new zone, split the IP range down, created a user, etc.
I am running into issues still.
Like:
- a user from zone B can still do things in Zone A (add ips, etc)
- I cannot tell the new user to default to the new zone, so when I log in its just blank
- I cant lock the user out from seeing other workgroups, so they can add ips to another section they shouldn't have access to.
So, a different zone allows each company to only see and modify there ip chunk. But why can they also go to other workgroups? Do I have to have separate subnets and IP blocks? Or can I have them all in one subnet/block, but break them out with ranges?
How do I lock down access to other zones or workgroups?
Is there any documentation guides or help I can be directed to as im guessing this is a common use of maintain.
Thank you,
Adam Nielson
I am wanting to know if the new 3.1.1 release will fix my issues, and if its easy and relatively risk-free to upgrade a production environment from 3.1.0 to 3.1.1?
Thank you!
- Adam Nielson
-----Original Message-----
From: Petersen, Kirsten J - NET [mailto:Kirsten.Petersen at oregonstate.edu]
Sent: Wednesday, April 02, 2008 4:24 PM
To: Nielson, Adam; maintain at osuosl.org
Subject: RE: [Maintain] Help managing new zone/IP range/etc
So, "zones" in Maintain are meant to be permission boundaries. When a user logs in, they should only be able to select zones that they have been assigned to. They should only be able to create hosts or make other changes within zones they have access to. Within each zone, when assigning a domain name or IP address, they should only be able to select domains or IP ranges assigned to that zone. Also, they should only be able to select workgroups assigned to that domain.
Maintain 3.1.0 had quite a few bugs with respect to permissions.
Since your instance is in production, you probably want to wait for the next release. I think we will be doing another one pretty soon actually.
________________
Kirsten Petersen
Network Services * Oregon State University http://oregonstate.edu/net * irc.oregonstate.edu #osu-is "Paper doesn't grow on trees."
-----Original Message-----
From: Nielson, Adam [mailto:adam.nielson at hp.com]
Sent: Wednesday, April 02, 2008 2:49 PM
To: Petersen, Kirsten J - NET; maintain at osuosl.org
Subject: RE: [Maintain] Help managing new zone/IP range/etc
I am using maintain 3.1.0.
This is a production environment, so am I able to successfully update and upgrade a production environment, or do I have to rebuild it from the ground up?
Also, reading through my madness... Does it make sense what I am wanting to do? Am I missing some fundamental feature of structure of maintain?
It just doesn't appear to be "clicking" for me what separates what.
- Adam
-----Original Message-----
From: Petersen, Kirsten J - NET
[mailto:Kirsten.Petersen at oregonstate.edu]
Sent: Wednesday, April 02, 2008 3:44 PM
To: Nielson, Adam; maintain at osuosl.org
Subject: RE: [Maintain] Help managing new zone/IP range/etc
Adam,
What version of Maintain are you running? We have fixed a *lot* of bugs since the last release, so you probably want to pull from the SVN trunk if you aren't already. I know we have fixed several bugs that sound like the problems you are having.
________________
Kirsten Petersen
Network Services * Oregon State University http://oregonstate.edu/net * irc.oregonstate.edu #osu-is "Paper doesn't grow on trees."
-----Original Message-----
From: maintain-bounces at osuosl.org [mailto:maintain-bounces at osuosl.org]
On Behalf Of Nielson, Adam
Sent: Wednesday, April 02, 2008 2:35 PM
To: maintain at osuosl.org
Subject: [Maintain] Help managing new zone/IP range/etc
Hello.
I have been using maintain for several months now and really enjoying it.
We currently have our entire subnet as one IP range managed under one team of 3 administrators.
We are now wanting to split the IP range into smaller chunks, and have different zones for contract companies to have their own log in, only have access to their zone and their small IP range.
I have created a new zone, split the IP range down, created a user, etc.
I am running into issues still.
Like:
- a user from zone B can still do things in Zone A (add ips, etc)
- I cannot tell the new user to default to the new zone, so when I log in its just blank
- I cant lock the user out from seeing other workgroups, so they can add ips to another section they shouldn't have access to.
So, a different zone allows each company to only see and modify there ip chunk. But why can they also go to other workgroups? Do I have to have separate subnets and IP blocks? Or can I have them all in one subnet/block, but break them out with ranges?
How do I lock down access to other zones or workgroups?
Is there any documentation guides or help I can be directed to as im guessing this is a common use of maintain.
Thank you,
Adam Nielson