Some new features request

hallo zaid,

we just run ACS on our live network for last 24 hours and the system have some users with different rights.

so the features request are :

  • add the filter option on index page for identity.
  • an ability to filter reset button function on device page for user with access write
  • the log that show when and who adopt / summon the new device and other logs as well; such as when and who upload the 1 Firmware Upgrade Image, 3 Vendor configuration files, and other actions such as tag, untag, etc.
  • the auto summon of the devices for each inform, or is there a way to put provision and preset to do this (auto summon) ? so the informatio shown on both index and device pages are near to up to date.

thank you

P

  • You can already add a filter option on the index page for identity - go into Admin->Config->Edit filters
  • The audit log functionality you are requesting is in the commercial version of GenieACS
  • You can add to the provision named “default” for this - you will have this provision if you installed 1.2.x from scratch. By default it updates the values hourly.

hi mjducharme,

i just follow your instruction and i can see identity option for filter on device page. but it seems i can put put part of the router identity. example i have identity: router one, router two, router three, etc till router ten. and when i want to filter six it show nothing even if i have one with identity router six.

how about to filter reset button on device page ? any clue ?

You can add to the provision named “default” for this - you will have this provision if you installed 1.2.x from scratch. By default it updates the values hourly.

my genieacs installed as explained on docs with run " sudo npm install -g --unsafe-perm genieacs@1.2.5". any clue how to run summon each time of inform run ?

thank you

You have to use % for the part of the name that you are not sure about - ex. for %six will find any routers where the identity ends in “six”, six% will find any routers where the identity starts with “six”, %six% will filter for anything that has “six” anywhere in the identity.

I don’t think blocking the reset button is possible.

As I said you can go into provisions and edit the “default” provision to add the other parameters that you want to pull that it isn’t pulling.

thank you for your reply mjducharme,

when we go to Admin - Permission and click New, there is column Filter.
what is this column for and how to enter the information here ? i think this is the way to filter some function such as Reset button, CMIIW.

P

Yes - The filter function is in case users should only see a subset of devices instead of all devices. So for instance, you could limit a user to only be able to see devices that have a hardware model of “WAP-EN1750R” and no other devices. It is the same thing as filtering the device list itself, but the filter applied through the permission settings cannot be removed by the user.

hm… so it means no way to filter such function (such as to prevent reset pressed) ?
so far no manual and or explanation on regards of this menu yet.

P

No, I don’t believe so. The filters are only about filtering the list of all devices or the list of all faults or the list of all files etc. so that instead of saying all devices or all faults or all files, you only see some of the devices or some of the faults or some of the files.

It can be used for situations like simple multitenancy, so that if you have a reseller, you can give the reseller access to only see their devices so that they cannot see the devices that they are not a reseller for. But it does not appear there is any way to restrict particular buttons like the reset button so that they are only available for specific users.

It is indeed possible to restrict factory reset. In the relevant permission object, use the following expression in the ‘validate’ field:

mutationType <> "task" OR mutation.name <> "factoryReset"

Every mutating action by the user is validated through this expression so it’s pretty flexible. Unfortunately, none of this is documented :frowning:

2 Likes

thank you zaidka,

so, filter field is to filter the object yah ? not to filter the permission ?

Paul

hi zaidka,

when the expresion on validate field filled with

mutationType <> "task" OR mutation.name <> "factoryReset"

the user can not reset the object but the same user also can not push the file.

could you please to let me know the correct expression so the user can not reset but can push the file ?

thank you
P

Try:

mutationType <> "task" OR mutation.name <> "factoryReset" OR mutation.name IS NULL

Reason is that, like in SQL, an inequality clause with a NULL value will always return NULL.

Note that you can’t do:

NOT (mutationType = "task" AND mutation.name = "factoryReset")

Because a negation of a NULL value is still NULL (standard SQL behavior).

But something like this should also do the trick:

CASE WHEN mutationType = "task" AND mutation.name = "factoryReset" THEN false ELSE true END

hi zaidka,

thank you for yr quick response, unfortunatelly it does not work with response “Not authorized” when ‘Push file’ clicked.

EDIT: it works after i add resource: files access: read and validate: true on the same role group

thank you

P

hello zaidka,

could you please to give the clue on regards of the mentioned filter, so the user will not to be able to delete any device ?

thank you

P