NOTE - THIS IS NOT A PUBLICLY AVAILABLE RELEASE.
IMPORTANT CHANGES
Open-AudIT 1.14 is intended to be the precursor to Open-AudIT 2.0. As such it has changed the way a lot of items in the application work. Please thoroughly read this document before upgrading.
Groups Deprecated
Groups as the primary source of authorisation have been deprecated. A user no longer has a permission on a group. A user has a role which works in combination with an Org (see below).
Organisations Promoted
The primary method for authorisation (what objects user access) is now based on the users Org(s). A user can have access on multiple Orgs but is assigned a primary Org.
Users and Roles
The primary method for authorisation (what a user can do) is now based on the users Roles. Roles are defined as admin, org_admin, reporter and user. Each role has a set of permissions (Create, Read, Update, Delete) for each endpoint. Standard roles (as shipped should cover 99.9% of use-cases. The ability to define additional roles and edit existing roles is enabled in Open-AudIT Enterprise.
Endpoints
Each object with Open-AudIT now has an endpoint. An endpoint is used in the URL and JSON API for creating, reading, updating and deleting objects. Endpoints exist for - configuration, connections, credentials, database, devices, discoveries, fields, files, groups, help, ldap_servers, locations, logon, logs, networks, orgs, queries, roles, scripts, summaries, users. Endpoints are used in combination with the request type (GET, POST, PATCH, DELETE) to enable management of the objects within an endpoint. We have tried to be as close as possible to http://jsonapi.org in our implementation.
Summaries v Queries
What used to be called queries or reports within Open-AudIT are now split into two different endpoints. The difference being that a Summary uses "group by" in it's SQL and provides the ability to "drill down" through results. A good example being the Installed Software summary. Regular old queries that provide a simple list of things remain the same. By default all queries are now active. No longer do you need to activate individual queries. Summaries also have a special collection page that shows icons and counts for the other endpoints. By default the homepage is set to groups, but this can be changed to summaries.
Active Directory Discovery
Because we now have a discoveries endpoint and because the entire objective of Open-AudIT is to find out "What's on your network?", Active Directory discovery has changed. Now when you configure an Active Directory discovery, Open-AudIT will reach out to the Domain Controller you specify and ask for a list of subnets in Active Directory. It will then create a discoveries item for each subnet and run them. This way you'll find every device including printers, switches, routers and everything else - not just Windows PCs.
Change Log
Open-AudIT | Improvement | "Back" button on individual resources pages (read, update) |
Open-AudIT | Sub-task | OMK-3107 #1 Flag for OA to use AD for RBAC auth |
Open-AudIT | Improvement | #1.0 DB schema upgrade for RBAC for OA - roles |
Open-AudIT | Sub-task | OMK-3107 #1.1 DB schema upgrade for RBAC for OA - users |
Open-AudIT | Improvement | #1.2 DB schema upgrade for RBAC for OA - endpoints, org_id's |
Open-AudIT | Sub-task | OMK-3107 #2 Get all user AD groups |
Open-AudIT | Sub-task | OMK-3107 #2 Roles controller / templates |
Open-AudIT | Sub-task | OMK-3107 #3 Update user details with AD details |
Open-AudIT | Sub-task | OMK-3107 #3 User frontend to assign a user to a "primary" org and roles |
Open-AudIT | Sub-task | OMK-3107 #4 - Create user "is authorised" function |
Open-AudIT | Sub-task | OMK-3107 #5 Controllers permissions and use the "is_authorised" function |
Open-AudIT | Sub-task | OMK-3107 #6 Implement org_id for users |
Open-AudIT | Task | /import action for endpoints |
Open-AudIT | Improvement | /logs endpoint |
Open-AudIT | Bug | 1.12.10 upgrade script should set roles for 'everyone else' |
Open-AudIT | Bug | AD Discovery - do not store credentials with the discovery |
Open-AudIT | Improvement | AD Discovery - do not wait for script completion |
Open-AudIT | Sub-task | OMK-3107 AD for RBAC for OA |
Open-AudIT | Improvement | Ability to run multiple groups in a report |
Open-AudIT | Task | Ability to sort tables in OAC bootstrap |
Open-AudIT | Bug | Active Directory Discovery |
Open-AudIT | New Feature | Add a "Run Now" button ot the task list |
Open-AudIT | Request | Add groups to new 'users' read template |
Open-AudIT Enterprise | Bug | Baselines "Add Policies From Device" hostname search |
Open-AudIT | Bug | Blessed Subnets doesn't work using IPv6 |
Open-AudIT Enterprise | Improvement | Bring OAE up to speed with the OAC changes |
Open-AudIT Enterprise | Improvement | Change OAE to use sessions or cookies instead of sending the credentials to OAC with every request |
Open-AudIT | Bug | Change default datetime |
Open-AudIT | Task | Change default org and location id's |
Open-AudIT | Bug | Check / Ensure the database backup includes the stored procedure |
Open-AudIT | Improvement | Code - Extra config items for device matching |
Open-AudIT Enterprise | Task | Config in OAE |
Open-AudIT | Task | Configuration Endpoint |
Open-AudIT Enterprise | Bug | Create Discovery in OAE without selecting "assign device to[org|location]" error |
Open-AudIT | Task | Database Endpoint |
Open-AudIT | New Feature | Delete all user sessions |
Open-AudIT | Bug | Device Attachments |
Open-AudIT | New Feature | Device Details page -> Discover Device, move to new function |
Open-AudIT Enterprise | Task | Device History |
Open-AudIT | Task | Discoveries endpoint |
Open-AudIT | Task | Discoveries endpoint under Windows |
Open-AudIT | Bug | Discovery run script |
Open-AudIT | Improvement | Display users with the selected role |
Open-AudIT | Bug | Edit config - remove value |
Open-AudIT | Bug | Edit fields, change org gives error |
Open-AudIT | Bug | Edit roles |
Open-AudIT | Bug | Enable export in Bootstrap toolbar in OAC |
Open-AudIT | Task | Expose Queries |
Open-AudIT | Improvement | Extra column in Summaries for display |
Open-AudIT | Improvement | Fix JS for IE |
Open-AudIT | Bug | Fix the menu links in OAC to OAE |
Open-AudIT | Task | Groups endpoint |
Open-AudIT | Improvement | Help Pages |
Open-AudIT | New Feature | Help page containing DB table structure |
Open-AudIT | Bug | Installer set permissions on other/scripts? |
Open-AudIT | Issue | JSON Restful API in OA |
Open-AudIT | Improvement | JSON Restful API in OA Paging Report Datasets (was Cope with 1M+ rows in a report) |
Open-AudIT | Request | JSON Restful API in OA uses groups and users as per the rest of the application. |
Open-AudIT Enterprise | Task | Maps in OAE |
Open-AudIT Enterprise | Task | Modal when date promtped |
Open-AudIT | Bug | New role - provide a default permission on summaries (homepage) |
Open-AudIT | New Feature | OA Multi tenancy - extra user permission "org admin" |
Open-AudIT | New Feature | OA Multi tenancy - user to location |
Open-AudIT | New Feature | OA Multi tenancy - user to org |
Open-AudIT | New Feature | OA Multi tenancy - user to report |
Open-AudIT Enterprise | Task | OAE Baselines |
Open-AudIT Enterprise | Task | OAE Credentials |
Open-AudIT Enterprise | Task | OAE Device Details |
Open-AudIT Enterprise | Bug | OAE Devices -> Refine Display |
Open-AudIT Enterprise | Task | OAE Discovery (including AD) |
Open-AudIT Enterprise | Task | OAE Files |
Open-AudIT Enterprise | Task | OAE Files |
Open-AudIT Enterprise | Task | OAE Multi Report |
Open-AudIT Enterprise | Task | OAE Search |
Open-AudIT Enterprise | Task | OAE Tasks |
Open-AudIT Enterprise | Task | OAE graphs should not call logon |
Open-AudIT Enterprise | Task | OAE logon |
Open-AudIT Enterprise | Bug | OAE report OS Types - cater to 'Other' |
Open-AudIT Enterprise | Task | OAE rest_nodes |
Open-AudIT | Improvement | On Orgs read and collection - show the AD group |
Open-AudIT | Improvement | Open-AudIT Bootstrap Skin, Opmantek L&F |
Open-AudIT | Bug | Option in config to disable match on serial + type |
Open-AudIT | Bug | Output helper being too helpful (with *id columns) |
Open-AudIT | Bug | Prevent edit default org parent |
Open-AudIT | Bug | Queries Endpoint |
Open-AudIT Enterprise | Task | Queries in OAE |
Open-AudIT | New Feature | RBAC for OA |
Open-AudIT Enterprise | Bug | Remove $self->param use as an array |
Open-AudIT Enterprise | Improvement | Remove Ubuntu 16.04 restriction from installer |
Open-AudIT | Improvement | Remove or hide edit button until feature is complete - placeholder page is not a good look. |
Open-AudIT | Improvement | Rename some descriptirs on the SNMP v3 fields |
Open-AudIT | Improvement | Report Definition revisions to include all relevant columns |
Open-AudIT Enterprise | Task | Reports in OAE |
Open-AudIT | Improvement | Review 'collection' templates |
Open-AudIT | Bug | Review and match role permissions to endpoints |
Open-AudIT | Bug | SNMP scan from device details page |
Open-AudIT | Request | Schedule discovery form still includes completing credential details |
Open-AudIT | Bug | Search is broken |
Open-AudIT Enterprise | Improvement | Should the "System" menu in OAE be renamed to "Admin"? |
Open-AudIT | Task | Sort Orgs in drop downs |
Open-AudIT | Improvement | Summaries use standard 1,000 row limit as per /devices |
Open-AudIT Enterprise | Request | Too many "Device Details" options in the menu for OAE |
Open-AudIT | Bug | View Devices button on network display page not working in IE 11 |
Open-AudIT Enterprise | Issue | Viewing other in OS view results in nothing to see |
Open-AudIT | Task | When a user has no roles, kick them to the logon page |
Open-AudIT | Request | When viewing any endpoint with Create permissions there should be a visible button to create |
Open-AudIT | Bug | create org, after redirect new org not in collection list |
Open-AudIT | Bug | default queries can be deleted |
Open-AudIT | Task | Discoveries endpoint |
Open-AudIT Enterprise | Bug | Filtering on Queries not working |
Open-AudIT | Improvement | Fix SVG definitions for IE |