We now have Open-AudIT Community / Professional / Server. Community is as always, free and open source. Professional is a new product. It has most of the Enterprise features. Most commercial users will migrate to this product. Enterprise has some very specific Enterprise features. Combining Roles and LDAP / Active Directory authorization not being the least of them. Baselines and Files are also Enterprise specific.
Please note that the licensing system has been updated, and existing licenses will not work for Open-AudIT Professional & Enterprise v2. You will have to obtain an updated license for this version of Open-AudIT Professional & Enterprise. You can check your licenses by visiting the My Licenses page; If unsure about your options, please email firstname.lastname@example.org.
As we now have new reports and a collection called discoveries, any tasks that exist from pre v2 will need to be edited and associated with a new discovery (which needs to be created) or the correct report.
Open-AudIT v2 has deprecated Groups as a primary method of access control. It is now Roles based. A user has Roles. Those Roles can perform various actions. The User also has access to a list of Orgs. They can perform the roles actions on items that belong to the Org(s) they have access to. Groups as the primary source of authorisation have been deprecated. A user no longer has a permission on a group. A user has a role which works in combination with an Org (see below).
The primary method for authorization (what objects a user can access) is now based on the users Org(s). A user can have access on multiple Orgs but is assigned a primary Org. Orgs have a parent - effectively making a classic Org Chart tree structure. If a user has access to a particular Org, the user also has access to that particular Orgs descendants.
Users and Roles
The primary method for authorization (what a user can do) is now based on the users' Roles. Roles are defined as admin, org_admin, reporter and user. Each role has a set of permissions (Create, Read, Update, Delete) for each endpoint. Standard roles as shipped should cover 99.9% of use-cases. The ability to define additional roles and edit existing roles is enabled in Open-AudIT Enterprise.
Each collection with Open-AudIT now has an endpoint. A collection is used in the URL and JSON API for creating, reading, updating and deleting objects. Collections exist for - attributes, charts, configuration, connections, credentials, database, devices, discovery, discoveries, errors, fields, files, groups, ldap_servers, licenses, locations, logs, networks, nmis, orgs, queries, reports, roles, scripts, search, summaries, users. Collections are used in combination with the request type (GET, POST, PATCH, DELETE) to enable management of the objects within a collection. We have tried to be as close as possible to http://jsonapi.org in our implementation.
Summaries v Queries
What used to be called queries or reports within Open-AudIT are now split into two different endpoints. The difference being that a Summary uses "group by" in it's SQL and provides the ability to "drill down" through results. A good example being the Installed Software summary. Regular old queries that provide a simple list of things remain the same. By default, all queries are now active. No longer do you need to activate individual queries. Summaries also have a special collection page that shows icons and counts for the other endpoints. By default, the homepage is set to groups, but this can be changed to summaries.
Your Group and Query definitions will need to change. We back them up into the open-audit/other/oa_group_backup.sql file (and oa_report_backup.sql) so you won't lose them. But they won't appear. You'll need to make new ones. If you need a hand, just post here.
Active Directory Discovery
Because we now have a discoveries endpoint and because the entire objective of Open-AudIT is to find out "What's on your network?", Active Directory discovery has changed. Now when you configure an Active Directory discovery, Open-AudIT will reach out to the Domain Controller you specify and ask for a list of subnets in Active Directory. It will then create a discoveries item for each subnet and run them. This way you'll find every device including printers, switches, routers and everything else - not just Windows PCs.
Open-AudIT Community now has completed the transition to a Bootstrap themed GUI. It now more closely fits with the Professional / Enterprise GUI.