ntopng icon indicating copy to clipboard operation
ntopng copied to clipboard
verified publisher icon ntop

Improve LDAPS access

Open MatteoBiscosi opened this issue 3 years ago • 2 comments

What would you like to add or change?: It is requested to grant LDAPS authenticated users (ie. non-admin users) access to Historical Flows for the entire security group.

Other then that add the ability to use most-privileged access rather than the default least-privileged (for example, we could have a group called sg-ntopng-admins and put the administrative users in this group and provide access to everyone else using a standard all-users group).

MatteoBiscosi avatar Jul 07 '22 08:07 MatteoBiscosi

In a multi-user environment, users can have restrictions in terms of the hosts they can view. If we enable historical flows we have the problem that we cannot honour this setting, so I am against this ticket. Probably what we need to do is to create another type of non-admin user with access to historical data

lucaderi avatar Aug 10 '22 08:08 lucaderi

I agree with the request and the solution. Our security team doesn't have admin access to our NTOP instance as we (the network team) maintain it however they do want access to historical flows.

mzac avatar Apr 17 '24 20:04 mzac