Released 2016-12-01



Open-AudIT 1.14 is intended to be the precursor to Open-AudIT 2.0. As such it has changed the way a lot of items in the application work. Please thoroughly read this document before upgrading.

Groups Deprecated

Groups as the primary source of authorisation have been deprecated. A user no longer has a permission on a group. A user has a role which works in combination with an Org (see below).

Organisations Promoted

The primary method for authorisation (what objects user access) is now based on the users Org(s). A user can have access on multiple Orgs but is assigned a primary Org.

Users and Roles

The primary method for authorisation (what a user can do) is now based on the users Roles. Roles are defined as admin, org_admin, reporter and user. Each role has a set of permissions (Create, Read, Update, Delete) for each endpoint. Standard roles (as shipped should cover 99.9% of use-cases. The ability to define additional roles and edit existing roles is enabled in Open-AudIT Enterprise.


Each object with Open-AudIT now has an endpoint. An endpoint is used in the URL and JSON API for creating, reading, updating and deleting objects. Endpoints exist for - configuration, connections, credentials, database, devices, discoveries, fields, files, groups, help, ldap_servers, locations, logon, logs, networks, orgs, queries, roles, scripts, summaries, users. Endpoints are used in combination with the request type (GET, POST, PATCH, DELETE) to enable management of the objects within an endpoint. We have tried to be as close as possible to in our implementation.

Summaries v Queries

What used to be called queries or reports within Open-AudIT are now split into two different endpoints. The difference being that a Summary uses "group by" in it's SQL and provides the ability to "drill down" through results. A good example being the Installed Software summary. Regular old queries that provide a simple list of things remain the same. By default all queries are now active. No longer do you need to activate individual queries. Summaries also have a special collection page that shows icons and counts for the other endpoints. By default the homepage is set to groups, but this can be changed to summaries.

Active Directory Discovery

Because we now have a discoveries endpoint and because the entire objective of Open-AudIT is to find out "What's on your network?", Active Directory discovery has changed. Now when you configure an Active Directory discovery, Open-AudIT will reach out to the Domain Controller you specify and ask for a list of subnets in Active Directory. It will then create a discoveries item for each subnet and run them. This way you'll find every device including printers, switches, routers and everything else - not just Windows PCs.

Change Log

Open-AudITImprovement"Back" button on individual resources pages (read, update)
Open-AudITSub-taskOMK-3107 #1 Flag for OA to use AD for RBAC auth
Open-AudITImprovement#1.0 DB schema upgrade for RBAC for OA - roles
Open-AudITSub-taskOMK-3107 #1.1 DB schema upgrade for RBAC for OA - users
Open-AudITImprovement#1.2 DB schema upgrade for RBAC for OA - endpoints, org_id's
Open-AudITSub-taskOMK-3107 #2 Get all user AD groups
Open-AudITSub-taskOMK-3107 #2 Roles controller / templates
Open-AudITSub-taskOMK-3107 #3 Update user details with AD details
Open-AudITSub-taskOMK-3107 #3 User frontend to assign a user to a "primary" org and roles
Open-AudITSub-taskOMK-3107 #4 - Create user "is authorised" function
Open-AudITSub-taskOMK-3107 #5 Controllers permissions and use the "is_authorised" function
Open-AudITSub-taskOMK-3107 #6 Implement org_id for users
Open-AudITTask/import action for endpoints
Open-AudITImprovement/logs endpoint
Open-AudITBug1.12.10 upgrade script should set roles for 'everyone else'
Open-AudITBugAD Discovery - do not store credentials with the discovery
Open-AudITImprovementAD Discovery - do not wait for script completion
Open-AudITSub-taskOMK-3107 AD for RBAC for OA
Open-AudITImprovementAbility to run multiple groups in a report
Open-AudITTaskAbility to sort tables in OAC bootstrap
Open-AudITBugActive Directory Discovery
Open-AudITNew FeatureAdd a "Run Now" button ot the task list
Open-AudITRequestAdd groups to new 'users' read template
Open-AudIT EnterpriseBugBaselines "Add Policies From Device" hostname search
Open-AudITBugBlessed Subnets doesn't work using IPv6
Open-AudIT EnterpriseImprovementBring OAE up to speed with the OAC changes
Open-AudIT EnterpriseImprovementChange OAE to use sessions or cookies instead of sending the credentials to OAC with every request
Open-AudITBugChange default datetime
Open-AudITTaskChange default org and location id's
Open-AudITBugCheck / Ensure the database backup includes the stored procedure
Open-AudITImprovementCode - Extra config items for device matching
Open-AudIT EnterpriseTaskConfig in OAE
Open-AudITTaskConfiguration Endpoint
Open-AudIT EnterpriseBugCreate Discovery in OAE without selecting "assign device to[org|location]" error
Open-AudITTaskDatabase Endpoint
Open-AudITNew FeatureDelete all user sessions
Open-AudITBugDevice Attachments
Open-AudITNew FeatureDevice Details page -> Discover Device, move to new function
Open-AudIT EnterpriseTaskDevice History
Open-AudITTaskDiscoveries endpoint
Open-AudITTaskDiscoveries endpoint under Windows
Open-AudITBugDiscovery run script
Open-AudITImprovementDisplay users with the selected role
Open-AudITBugEdit config - remove value
Open-AudITBugEdit fields, change org gives error
Open-AudITBugEdit roles
Open-AudITBugEnable export in Bootstrap toolbar in OAC
Open-AudITTaskExpose Queries
Open-AudITImprovementExtra column in Summaries for display
Open-AudITImprovementFix JS for IE
Open-AudITBugFix the menu links in OAC to OAE
Open-AudITTaskGroups endpoint
Open-AudITImprovementHelp Pages
Open-AudITNew FeatureHelp page containing DB table structure
Open-AudITBugInstaller set permissions on other/scripts?
Open-AudITIssueJSON Restful API in OA
Open-AudITImprovementJSON Restful API in OA Paging Report Datasets (was Cope with 1M+ rows in a report)
Open-AudITRequestJSON Restful API in OA uses groups and users as per the rest of the application.
Open-AudIT EnterpriseTaskMaps in OAE
Open-AudIT EnterpriseTaskModal when date promtped
Open-AudITBugNew role - provide a default permission on summaries (homepage)
Open-AudITNew FeatureOA Multi tenancy - extra user permission "org admin"
Open-AudITNew FeatureOA Multi tenancy - user to location
Open-AudITNew FeatureOA Multi tenancy - user to org
Open-AudITNew FeatureOA Multi tenancy - user to report
Open-AudIT EnterpriseTaskOAE Baselines
Open-AudIT EnterpriseTaskOAE Credentials
Open-AudIT EnterpriseTaskOAE Device Details
Open-AudIT EnterpriseBugOAE Devices -> Refine Display
Open-AudIT EnterpriseTaskOAE Discovery (including AD)
Open-AudIT EnterpriseTaskOAE Files
Open-AudIT EnterpriseTaskOAE Files
Open-AudIT EnterpriseTaskOAE Multi Report
Open-AudIT EnterpriseTaskOAE Search
Open-AudIT EnterpriseTaskOAE Tasks
Open-AudIT EnterpriseTaskOAE graphs should not call logon
Open-AudIT EnterpriseTaskOAE logon
Open-AudIT EnterpriseBugOAE report OS Types - cater to 'Other'
Open-AudIT EnterpriseTaskOAE rest_nodes
Open-AudITImprovementOn Orgs read and collection - show the AD group
Open-AudITImprovementOpen-AudIT Bootstrap Skin, Opmantek L&F
Open-AudITBugOption in config to disable match on serial + type
Open-AudITBugOutput helper being too helpful (with *id columns)
Open-AudITBugPrevent edit default org parent
Open-AudITBugQueries Endpoint
Open-AudIT EnterpriseTaskQueries in OAE
Open-AudITNew FeatureRBAC for OA
Open-AudIT EnterpriseBugRemove $self->param use as an array
Open-AudIT EnterpriseImprovementRemove Ubuntu 16.04 restriction from installer
Open-AudITImprovementRemove or hide edit button until feature is complete - placeholder page is not a good look.
Open-AudITImprovementRename some descriptirs on the SNMP v3 fields
Open-AudITImprovementReport Definition revisions to include all relevant columns
Open-AudIT EnterpriseTaskReports in OAE
Open-AudITImprovementReview 'collection' templates
Open-AudITBugReview and match role permissions to endpoints
Open-AudITBugSNMP scan from device details page
Open-AudITRequestSchedule discovery form still includes completing credential details
Open-AudITBugSearch is broken
Open-AudIT EnterpriseImprovementShould the "System" menu in OAE be renamed to "Admin"?
Open-AudITTaskSort Orgs in drop downs
Open-AudITImprovementSummaries use standard 1,000 row limit as per /devices
Open-AudIT EnterpriseRequestToo many "Device Details" options in the menu for OAE
Open-AudITBugView Devices button on network display page not working in IE 11
Open-AudIT EnterpriseIssueViewing other in OS view results in nothing to see
Open-AudITTaskWhen a user has no roles, kick them to the logon page
Open-AudITRequestWhen viewing any endpoint with Create permissions there should be a visible button to create
Open-AudITBugcreate org, after redirect new org not in collection list
Open-AudITBugdefault queries can be deleted
Open-AudITTaskDiscoveries endpoint
Open-AudIT EnterpriseBugFiltering on Queries not working
Open-AudITImprovementFix SVG definitions for IE

  • No labels