Hi Remi,

Thanks for your answer.

You can restrict view/submit/change permissions per device and per groups. So go into the specific device admin page (something
like https://<instance>/admin/lava_scheduler_app/device/<hostname>/change/).
At the bottom of the page you will be able to add the restrictions.

This is exactly what I had done previously. Adding the “lava_scheduler_app | device | Can change device” permission to our group does not seem to have any effect.

Regards,

Seb

From: Remi Duraffort <remi.duraffort@linaro.org>
Sent: Tuesday, January 26, 2021 9:55 AM
To: Sebastien Haezebrouck <sebastien.haezebrouck@nxp.com>
Cc: lava-users@lists.lavasoftware.org
Subject: [EXT] Re: [Lava-users] Unable to change device health state without being admin

Caution: EXT Email

Hello,

the authorization models changed some time ago. The doc for the new model is here: https://docs.lavasoftware.org/lava/authorization.html

You can restrict view/submit/change permissions per device and per groups. So go into the specific device admin page (something like https://<instance>/admin/lava_scheduler_app/device/<hostname>/change/).

At the bottom of the page you will be able to add the restrictions.

Rgds

Le jeu. 17 déc. 2020 à 16:47, Sebastien Haezebrouck <sebastien.haezebrouck@nxp.com> a écrit :

Hi,

We used to set devices access permission using groups. So we would restrict access to a subset of devices to members of a specific group.

When switching to lava 2020.10, it seems the permission to change a device does not allow to change device health state anymore. This used to be possible in previous version, and was very convenient for maintenance. With 2020.10 it seems only a lava admin is allowed to change a device health.

Is it the expected behavior ? Did I miss an option somewhere ?

A bit more details:

All our devices are set to:

“device owner”->”Group with physical access” -> our_group.
“group device permissions”->”lava_sched_app |device | Can change device” -> “Group” -> our_group.
I intentionally did not give any specific permission to the “our_group” group, like “Can change device”, since it would allow members of this group to change any devices. Access control has to work both ways 😊

Kind regards,

Seb

_______________________________________________
Lava-users mailing list
Lava-users@lists.lavasoftware.org
https://lists.lavasoftware.org/mailman/listinfo/lava-users

Rémi Duraffort

LAVA Architect

Linaro