Limiting access to only tenants interfaces #18131
-
|
We have a setup with many tenants, and users from each tenant only have access to their objects via a permission with contstraint for example: [{"tenant_id": 1}] This does not work for interfaces since interfaces does not belong to a tenant. I saw here someone asked about adding tenancy for interfaces #3059 , but seems like a no-go My other option was to make a custom validator in python that checks tenancy for the connected device object when adding/modifying interfaces, I think this would work. It does not solve the problem with filtering the list of interfaces so that only interfaces belonging to devices of the correct tenant shows up however. I thought I could add another constraint that only applies for interface objects, and limit that to only show certain objects on some other criteria than tenant. There seems to be filters for Device type, Device role, Device etc but not anything for Device tenant? It seems really cumbersome to filter interfaces on Device and then maintain a list of all the Device objects belonging to a tenant in the constraint check... there must be a better way? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Interfaces always belong to a device, and a device belongs to a tenant. Therefore, try: as a constraint on the interfaces. (Note the double-underscore) (If you had a single device serving multiple tenants, then that wouldn't work of course) |
Beta Was this translation helpful? Give feedback.
Interfaces always belong to a device, and a device belongs to a tenant. Therefore, try:
as a constraint on the interfaces. (Note the double-underscore)
(If you had a single device serving multiple tenants, then that wouldn't work of course)