A very important, fast-evolving area during the latest NetEye releases has been multi-tenancy. In a system with many tenants, the most complex aspect is probably the proper and orderly management of user permissions. To help administrators in this task, we have introduced the concept of tenant role in NetEye 4.29.
The tenant role is a role with all the necessary restrictions already set automatically without the need to set them manually, which is a process that can be very error-prone. The role is generated entirely automatically and is updated during tenant creation or modification via the
neteye tenant config create/modify command.
This concept goes along very well with the “inherit from” feature that allows for the creation of more specific roles by inheriting restrictions and permissions from a different role.
The following example will make this much clearer.
Suppose we have a user of tenant ACME srl and we want to assign them permission to access the asset management module, but only in read-only mode. How can we do this?
First we create the tenant:
neteye tenant config create acme_srl --display-name "ACME srl"
The above command also automatically creates at the same time a new tenant role with the name
If we analyze the permissions in the asset management section, we can see how the restriction related to the GLPI entity is set with the entity generated for the newly created tenant.
At this point, we simply create a role with the correct read-only role and permissions for GLPI, inherit the tenant-related restrictions from the tenant role, and associate it with the user.
In the future we’ll see together how not only role management but also tenant-level features will evolve and improve release after release. So stay tuned, and if you haven’t already done so, go read the new NetEye 4.29 release notes.
Did you find this article interesting? Does it match your skill set? Programming is at the heart of how we develop customized solutions. In fact, we’re currently hiring for roles just like this and others here at Würth Phoenix.