Hi Remi,
Thanks for your answer.
* You can restrict view/submit/change permissions per device and per groups. So go into the specific device admin page (something * like https://<instance>/admin/lava_scheduler_app/device/<hostname>/change/https://%3cinstance%3e/admin/lava_scheduler_app/device/%3chostname%3e/change/). * At the bottom of the page you will be able to add the restrictions.
This is exactly what I had done previously. Adding the “lava_scheduler_app | device | Can change device” permission to our group does not seem to have any effect.
Regards,
Seb
From: Remi Duraffort remi.duraffort@linaro.org Sent: Tuesday, January 26, 2021 9:55 AM To: Sebastien Haezebrouck sebastien.haezebrouck@nxp.com Cc: lava-users@lists.lavasoftware.org Subject: [EXT] Re: [Lava-users] Unable to change device health state without being admin
Caution: EXT Email Hello,
the authorization models changed some time ago. The doc for the new model is here: https://docs.lavasoftware.org/lava/authorization.htmlhttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.lavasoftware.org%2Flava%2Fauthorization.html&data=04%7C01%7Csebastien.haezebrouck%40nxp.com%7Ca7d012dcba4d49643c1b08d8c1d82259%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C637472481641750214%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=wJEkyxpBsEYQA1ZziEQQd6okT8TOl0m5a7kplgEdTMk%3D&reserved=0
You can restrict view/submit/change permissions per device and per groups. So go into the specific device admin page (something like https://<instance>/admin/lava_scheduler_app/device/<hostname>/change/https://%3cinstance%3e/admin/lava_scheduler_app/device/%3chostname%3e/change/). At the bottom of the page you will be able to add the restrictions.
Rgds
Le jeu. 17 déc. 2020 à 16:47, Sebastien Haezebrouck <sebastien.haezebrouck@nxp.commailto:sebastien.haezebrouck@nxp.com> a écrit : Hi,
We used to set devices access permission using groups. So we would restrict access to a subset of devices to members of a specific group. When switching to lava 2020.10, it seems the permission to change a device does not allow to change device health state anymore. This used to be possible in previous version, and was very convenient for maintenance. With 2020.10 it seems only a lava admin is allowed to change a device health. Is it the expected behavior ? Did I miss an option somewhere ?
A bit more details:
All our devices are set to:
* “device owner”->”Group with physical access” -> our_group. * “group device permissions”->”lava_sched_app |device | Can change device” -> “Group” -> our_group. * I intentionally did not give any specific permission to the “our_group” group, like “Can change device”, since it would allow members of this group to change any devices. Access control has to work both ways 😊
Kind regards,
Seb _______________________________________________ Lava-users mailing list Lava-users@lists.lavasoftware.orgmailto:Lava-users@lists.lavasoftware.org https://lists.lavasoftware.org/mailman/listinfo/lava-usershttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.lavasoftware.org%2Fmailman%2Flistinfo%2Flava-users&data=04%7C01%7Csebastien.haezebrouck%40nxp.com%7Ca7d012dcba4d49643c1b08d8c1d82259%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C637472481641760212%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=WQLlwa%2BjiDoL%2BXC6tx%2B7mUYLSPwe6FnFR%2B9doph5mWI%3D&reserved=0
-- Rémi Duraffort LAVA Architect Linaro