IMPORTANT CHANGES
Open-AudIT 1.14 is intended to be the precursor to Open-AudIT 2.0. As such it has changed the way a lot of items in the application work. Please thoroughly read this document before upgrading.
Groups Deprecated
Groups as the primary source of authorisation have been deprecated. A user no longer has a permission on a group. A user has a role which works in combination with an Org (see below).
Organisations Promoted
The primary method for authorisation (what objects user access) is now based on the users Org(s). A user can have access on multiple Orgs but is assigned a primary Org.
Users and Roles
The primary method for authorisation (what a user can do) is now based on the users Roles. Roles are defined as admin, org_admin, reporter and user. Each role has a set of permissions (Create, Read, Update, Delete) for each endpoint. Standard roles (as shipped should cover 99.9% of use-cases. The ability to define additional roles and edit existing roles is enabled in Open-AudIT Enterprise.
Endpoints
Each object with Open-AudIT now has an endpoint. An endpoint is used in the URL and JSON API for creating, reading, updating and deleting objects. Endpoints exist for - configuration, connections, credentials, database, devices, discoveries, fields, files, groups, help, ldap_servers, locations, logon, logs, networks, orgs, queries, roles, scripts, summaries, users.
Summaries v Queries
What used to be called queries or reports within Open-AudIT are now split into two different endpoints. The difference being that a Summary uses "group by" in it's SQL and provides the ability to "drill down" through results. A good example being the Installed Software summary. Regular old queries that provide a simple list of things remain the same. By default all queries are now active. No longer do you need to activate individual queries. Summaries also have a special collection page that shows icons and counts for the other endpoints. By default the homepage is set to groups, but this can be changed to summaries.
Change Log
| Open-AudIT | Improvement | "Back" button on individual resources pages (read, update) |
| Open-AudIT | Sub-task | OMK-3107 #1 Flag for OA to use AD for RBAC auth |
| Open-AudIT | Improvement | #1.0 DB schema upgrade for RBAC for OA - roles |
| Open-AudIT | Sub-task | OMK-3107 #1.1 DB schema upgrade for RBAC for OA - users |
| Open-AudIT | Improvement | #1.2 DB schema upgrade for RBAC for OA - endpoints, org_id's |
| Open-AudIT | Sub-task | OMK-3107 #2 Get all user AD groups |
| Open-AudIT | Sub-task | OMK-3107 #2 Roles controller / templates |
| Open-AudIT | Sub-task | OMK-3107 #3 Update user details with AD details |
| Open-AudIT | Sub-task | OMK-3107 #3 User frontend to assign a user to a "primary" org and roles |
| Open-AudIT | Sub-task | OMK-3107 #4 - Create user "is authorised" function |
| Open-AudIT | Sub-task | OMK-3107 #5 Controllers permissions and use the "is_authorised" function |
| Open-AudIT | Sub-task | OMK-3107 #6 Implement org_id for users |
| Open-AudIT | Task | /import action for endpoints |
| Open-AudIT | Improvement | /logs endpoint |
| Open-AudIT | Bug | 1.12.10 upgrade script should set roles for 'everyone else' |
| Open-AudIT | Bug | AD Discovery - do not store credentials with the discovery |
| Open-AudIT | Improvement | AD Discovery - do not wait for script completion |
| Open-AudIT | Sub-task | OMK-3107 AD for RBAC for OA |
| Open-AudIT | Improvement | Ability to run multiple groups in a report |
| Open-AudIT | Task | Ability to sort tables in OAC bootstrap |
| Open-AudIT | Bug | Active Directory Discovery |
| Open-AudIT | New Feature | Add a "Run Now" button ot the task list |
| Open-AudIT | Request | Add groups to new 'users' read template |
| Open-AudIT Enterprise | Bug | Baselines "Add Policies From Device" hostname search |
| Open-AudIT | Bug | Blessed Subnets doesn't work using IPv6 |
| Open-AudIT Enterprise | Improvement | Bring OAE up to speed with the OAC changes |
| Open-AudIT Enterprise | Improvement | Change OAE to use sessions or cookies instead of sending the credentials to OAC with every request |
| Open-AudIT | Bug | Change default datetime |
| Open-AudIT | Task | Change default org and location id's |
| Open-AudIT | Bug | Check / Ensure the database backup includes the stored procedure |
| Open-AudIT | Improvement | Code - Extra config items for device matching |
| Open-AudIT Enterprise | Task | Config in OAE |
| Open-AudIT | Task | Configuration Endpoint |
| Open-AudIT Enterprise | Bug | Create Discovery in OAE without selecting "assign device to[org|location]" error |
| Open-AudIT | Task | Database Endpoint |
| Open-AudIT | New Feature | Delete all user sessions |
| Open-AudIT | Bug | Device Attachments |
| Open-AudIT | New Feature | Device Details page -> Discover Device, move to new function |
| Open-AudIT Enterprise | Task | Device History |
| Open-AudIT | Task | Discoveries endpoint |
| Open-AudIT | Task | Discoveries endpoint under Windows |
| Open-AudIT | Bug | Discovery run script |
| Open-AudIT | Improvement | Display users with the selected role |
| Open-AudIT | Bug | Edit config - remove value |
| Open-AudIT | Bug | Edit fields, change org gives error |
| Open-AudIT | Bug | Edit roles |
| Open-AudIT | Bug | Enable export in Bootstrap toolbar in OAC |
| Open-AudIT | Task | Expose Queries |
| Open-AudIT | Improvement | Extra column in Summaries for display |
| Open-AudIT | Improvement | Fix JS for IE |
| Open-AudIT | Bug | Fix the menu links in OAC to OAE |
| Open-AudIT | Task | Groups endpoint |
| Open-AudIT | Improvement | Help Pages |
| Open-AudIT | New Feature | Help page containing DB table structure |
| Open-AudIT | Bug | Installer set permissions on other/scripts? |
| Open-AudIT | Issue | JSON Restful API in OA |
| Open-AudIT | Improvement | JSON Restful API in OA Paging Report Datasets (was Cope with 1M+ rows in a report) |
| Open-AudIT | Request | JSON Restful API in OA uses groups and users as per the rest of the application. |
| Open-AudIT Enterprise | Task | Maps in OAE |
| Open-AudIT Enterprise | Task | Modal when date promtped |
| Open-AudIT | Bug | New role - provide a default permission on summaries (homepage) |
| Open-AudIT | New Feature | OA Multi tenancy - extra user permission "org admin" |
| Open-AudIT | New Feature | OA Multi tenancy - user to location |
| Open-AudIT | New Feature | OA Multi tenancy - user to org |
| Open-AudIT | New Feature | OA Multi tenancy - user to report |
| Open-AudIT Enterprise | Task | OAE Baselines |
| Open-AudIT Enterprise | Task | OAE Credentials |
| Open-AudIT Enterprise | Task | OAE Device Details |
| Open-AudIT Enterprise | Bug | OAE Devices -> Refine Display |
| Open-AudIT Enterprise | Task | OAE Discovery (including AD) |
| Open-AudIT Enterprise | Task | OAE Files |
| Open-AudIT Enterprise | Task | OAE Files |
| Open-AudIT Enterprise | Task | OAE Multi Report |
| Open-AudIT Enterprise | Task | OAE Search |
| Open-AudIT Enterprise | Task | OAE Tasks |
| Open-AudIT Enterprise | Task | OAE graphs should not call logon |
| Open-AudIT Enterprise | Task | OAE logon |
| Open-AudIT Enterprise | Bug | OAE report OS Types - cater to 'Other' |
| Open-AudIT Enterprise | Task | OAE rest_nodes |
| Open-AudIT | Improvement | On Orgs read and collection - show the AD group |
| Open-AudIT | Improvement | Open-AudIT Bootstrap Skin, Opmantek L&F |
| Open-AudIT | Bug | Option in config to disable match on serial + type |
| Open-AudIT | Bug | Output helper being too helpful (with *id columns) |
| Open-AudIT | Bug | Prevent edit default org parent |
| Open-AudIT | Bug | Queries Endpoint |
| Open-AudIT Enterprise | Task | Queries in OAE |
| Open-AudIT | New Feature | RBAC for OA |
| Open-AudIT Enterprise | Bug | Remove $self->param use as an array |
| Open-AudIT Enterprise | Improvement | Remove Ubuntu 16.04 restriction from installer |
| Open-AudIT | Improvement | Remove or hide edit button until feature is complete - placeholder page is not a good look. |
| Open-AudIT | Improvement | Rename some descriptirs on the SNMP v3 fields |
| Open-AudIT | Improvement | Report Definition revisions to include all relevant columns |
| Open-AudIT Enterprise | Task | Reports in OAE |
| Open-AudIT | Improvement | Review 'collection' templates |
| Open-AudIT | Bug | Review and match role permissions to endpoints |
| Open-AudIT | Bug | SNMP scan from device details page |
| Open-AudIT | Request | Schedule discovery form still includes completing credential details |
| Open-AudIT | Bug | Search is broken |
| Open-AudIT Enterprise | Improvement | Should the "System" menu in OAE be renamed to "Admin"? |
| Open-AudIT | Task | Sort Orgs in drop downs |
| Open-AudIT | Improvement | Summaries use standard 1,000 row limit as per /devices |
| Open-AudIT Enterprise | Request | Too many "Device Details" options in the menu for OAE |
| Open-AudIT | Bug | View Devices button on network display page not working in IE 11 |
| Open-AudIT Enterprise | Issue | Viewing other in OS view results in nothing to see |
| Open-AudIT | Task | When a user has no roles, kick them to the logon page |
| Open-AudIT | Request | When viewing any endpoint with Create permissions there should be a visible button to create |
| Open-AudIT | Bug | create org, after redirect new org not in collection list |
| Open-AudIT | Bug | default queries can be deleted |
| Open-AudIT | Task | Discoveries endpoint |
| Open-AudIT Enterprise | Bug | Filtering on Queries not working |
| Open-AudIT | Improvement | Fix SVG definitions for IE |