By now, the concept of “role” is the same of “group membership”.
If an user is member of a particular group, it inherits the group access permissions.
Access rules (to the Server Manager) are defined by json files under
/usr/share/nethesis/NethServer/Authorization/
base.json states that
- members of
administrators(oradm) are root-equivalents - members of
managershave access to any module in the “Management” category
base.json comes with nethserver-base package, so every system has it by default.
To use these builtin roles
- create the groups
- put users into them
Nethgui does not look inside /etc, so existing roles cannot be changed locally. Policies come only from RPMs.
But we can develop further the Authorizartion feature. I’d like to
- see if Symfony Security component can provide the basic implementation
- read policy files (whatever format) also from
/etc/, allowing local customization (by hand, template…) of RPM based rules.
I’m not sure an editor panel would be necessary if good default roles/groups are provided and a simple customization path is provided for special needs. We already have /etc/e-smith/template-custom for that.