Introduction
As at Open-AudIT 2.0 we have changed the way Groups are used within Open-AudIT. Groups used to be the way to assign a user rights to devices. A user had a level of access to a group (or groups). This is no longer the case.
As at Open-AudIT 2.0, users are assigned a role (or roles) and access is based upon the organisations a user has access to. Groups are used mainly for reporting convienence and Baselines within Open-AudIT Enterprise.
How Does it Work?
Groups are used as simple lists of devices that match the required conditions. They no longer (as at 2.0) support returning different attribute lists for display. If requested using JSON they return a list of system.id's only. If requested using the web interface, they return the standard column attribute list.
Creating a Group
A group can be created using the web interface if a user has a role that contains the group::create permission. Go to menu -> Resources -> Groups -> Create. There is also a create button on the collection page. A user must include the filter clause in the where filter, ie - WHERE @filter. This is required so Open-AudIT can return only those devices a user has access rights to. Examples are on the Help -> Default Group List page (see below).
Default Groups
There are sixteen default groups. They are below. The default group definitions can also be found in the application at menu -> Help -> Default Group List. You will see a list of the default groups and the attributes used to create them.
mysql> select name from groups; +---------------------------------------+ | name | +---------------------------------------+ | All Devices | | Apple Computers | | Centos Computers | | Computers | | Computers | | Debian Computers | | Linux Computers | | Open-AudIT Enterprise Managed Devices | | Printers | | Public IP Devices | | RedHat Computers | | Routers | | Switches | | Windows Computers | | Windows Servers | | Windows Workstations | +---------------------------------------+ 16 rows in set (0.00 sec)
Database Schema
The schema for the database is below. It can also be found in the application is the user has database::read permission by going to menu -> Admin -> Database -> List, then clicking on the groups table.
CREATE TABLE `groups` ( `id` int(10) unsigned NOT NULL AUTO_INCREMENT, `org_id` int(10) unsigned NOT NULL DEFAULT '1', `name` varchar(100) NOT NULL DEFAULT '', `description` text NOT NULL, `sql` text NOT NULL, `link` text NOT NULL, `expose` enum('y','n') NOT NULL DEFAULT 'y', `edited_by` varchar(200) NOT NULL DEFAULT '', `edited_date` datetime NOT NULL DEFAULT '2000-01-01 00:00:00', PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Example Database Entry
id: 15 org_id: 1 name: Windows Servers description: Devices with type = computer and os_name like Windows Server. sql: SELECT DISTINCT(system.id) FROM system WHERE @filter AND system.type = 'computer' AND os_name LIKE '%windows%server%' link: expose: y edited_by: system edited_date: 2016-11-28 04:53:59
API / Web Access?
You can access the /scripts collection using the normal Open-AudIT JSON based API. Just like any other collection. Please see the API documentation for further details.
API Routes
Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes | Example Response |
---|---|---|---|---|---|---|---|
GET | n | collection | groups::read | /groups | Returns a list of groups. | ||
GET | y | read | groups::read | /groups/{id} | Returns a groups details. | ||
PATCH | y | update | groups::update | /groups/{id} | Update an attribute of a groups entry. | ||
POST | n | create | groups::create | /groups | Insert a new groups entry. | ||
DELETE | y | delete | groups::delete | /groups/{id} | Delete a groups entry. |
Web Application Routes
Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes |
---|---|---|---|---|---|---|
GET | n | create | create_form | groups::create | /groups/create | Displays a standard web form for submission to POST /scripts. |
GET | y | update | update_form | groups::update | /groups/{id}/update | Show the script details with the option to update attributes using PATCH to /groups/{id} |