You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Overview

We now have Open-AudIT Community / Professional / Server. Community is as always, free and open source. Professional is a new product. It has most of the Enterprise features. Most commercial users will migrate to this product. Enterprise has some very specific Enterprise features. Combining Roles and LDAP / Active Directory authorization not being the least of them. Baselines and Files are also Enterprise specific.

Open-AudIT v2 has deprecated Groups as a primary method of access control.  It is now Roles based. A user has Roles. Those Roles can perform various actions. The User also has access to a list of Orgs. They can perform the roles actions on items that belong to the Org(s) they have access to.

Groups Deprecated

Groups as the primary source of authorisation have been deprecated. A user no longer has a permission on a group. A user has a role which works in combination with an Org (see below).

Organisations Promoted

The primary method for authorization (what objects a user can access) is now based on the users Org(s). A user can have access on multiple Orgs but is assigned a primary Org. Orgs have a parent - effectively making a classic Org Chart tree structure. If a user has access to a particular Org, the user also has access to that particular Orgs descendants.

Users and Roles

The primary method for authorization (what a user can do) is now based on the users' Roles. Roles are defined as admin, org_admin, reporter and user. Each role has a set of permissions (Create, Read, Update, Delete) for each endpoint. Standard roles as shipped should cover 99.9% of use-cases. The ability to define additional roles and edit existing roles is enabled in Open-AudIT Enterprise.

Endpoints

Each collection with Open-AudIT now has an endpoint. A collection is used in the URL and JSON API for creating, reading, updating and deleting objects. Collections exist for - attributes, charts, configuration, connections, credentials, database, devices, discovery, discoveries, errors, fields, files, groups, ldap_servers, licenses, locations, logs, networks, nmis, orgs, queries, reports, roles, scripts, search, summaries, users. Collections are used in combination with the request type (GET, POST, PATCH, DELETE) to enable management of the objects within a collection. We have tried to be as close as possible to http://jsonapi.org in our implementation.

Summaries v Queries

What used to be called queries or reports within Open-AudIT are now split into two different endpoints. The difference being that a Summary uses "group by" in it's SQL and provides the ability to "drill down" through results. A good example being the Installed Software summary. Regular old queries that provide a simple list of things remain the same. By default, all queries are now active. No longer do you need to activate individual queries. Summaries also have a special collection page that shows icons and counts for the other endpoints. By default, the homepage is set to groups, but this can be changed to summaries.

Your Group and Query definitions will need to change. We back them up into the open-audit/other/oa_group_backup.sql file (and oa_report_backup.sql) so you won't lose them. But they won't appear. You'll need to make new ones. If you need a hand, just post here.

Active Directory Discovery

Because we now have a discoveries endpoint and because the entire objective of Open-AudIT is to find out "What's on your network?", Active Directory discovery has changed. Now when you configure an Active Directory discovery, Open-AudIT will reach out to the Domain Controller you specify and ask for a list of subnets in Active Directory. It will then create a discoveries item for each subnet and run them. This way you'll find every device including printers, switches, routers and everything else - not just Windows PCs.

  • No labels