How can we improve the SDA (K2000)?

Role-based access control (RBAC)

Regulate access to various functionality based on user roles and permissions. This would include granular access to capabilities such as:

- Logon to KBE
- Access to specific production images
- Server/workstation roles
- Samba share access
- Differentiate between access to deploy images, and access to log into connected machines as an admin.

189 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    RogerLAdminRogerL (Admin, Quest KACE) shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    25 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • BrianBrian commented  ·   ·  Flag as inappropriate

        Any update on when this is going to be rolled out? Would be very useful...

      • David CoeDavid Coe commented  ·   ·  Flag as inappropriate

        setup an account that has configurable rights to the Samba share folders,
        or allow Ldap accounts have configurable access to the Samba Share

        It would be nice to give one of my team members access to the samba share without having to give them the Admin Account information.

      • Yin EtzelYin Etzel commented  ·   ·  Flag as inappropriate

        We what to give our Techs the right to pull down an image only. So since the above comment by Alex Au Yeung is over 11 months old, have we a version that has the integrated K1-style permissions released yet? If so, which version?

      • MichaelMichael commented  ·   ·  Flag as inappropriate

        Looking forward to this added feature. Hopefully it will show up in 3.7 Would vote more on this if I had them.

      • brucebruce commented  ·   ·  Flag as inappropriate

        It would be nice to be able to restrict the imaging of server hardware. That way, if someone tried to image a server, they would have to have seperate credentials to do so.

        Even further, be able to use the K1's smart labels or some other mechanism , maybe even just IP range, to restrict who has what access to imaging certain groups of machines.

      • Paul KochiePaul Kochie commented  ·   ·  Flag as inappropriate

        The only thing I'd like my "ReadOnly Admin" users to be able to do is capture User States.

      • JonJon commented  ·   ·  Flag as inappropriate

        Our desktop team uses the PXE features of the k2 to logon to the KBE to image machines. The problem being that they then have access to all of the images stored on the k2. I would be nice to have the ability to define roles on the k2 and assign them certain functionality and access to certain production images.

      • Karl NgKarl Ng commented  ·   ·  Flag as inappropriate

        I would like the ability to create roles in the k2000 and also in the rsa. I would like my techs to be able to vnc into a scripted install and kick off there installs without having to physical be in front of the machine. The techs may have 50 machines to image and it would be benefical for them to remotely manage them. I do not want to give them access to the k2000 because they would have the ability to change the scripted installs or alter, delete or change the operating systems, boot files, etc.

      • KFortneyKFortney commented  ·   ·  Flag as inappropriate

        This would really help make things more granular in our organization. I am hesitant to assign work for parts of the server when other parts will be vulnerable to people who do not need access to server settings and the like.

      • NicolasNicolas commented  ·   ·  Flag as inappropriate

        In our environment, the IT team and the R&D team have to deploy OSes. But they not have to deploy the same environments.

      • GillesGilles commented  ·   ·  Flag as inappropriate

        This would be very useful to delegate the managing of part of our computers

      • Philip LangloisPhilip Langlois commented  ·   ·  Flag as inappropriate

        This would be awesome. Could be based on an AD OU or locally named users. To be able to restrict some image deployment to specific user would be great (i.e.: Server image not available to a specific project user).

      • philologistphilologist commented  ·   ·  Flag as inappropriate

        Currently giving helpdesk staff the password to deploy an image gives them access to deploy every image, and to log into machines remotely with administrator priviledges. It would be nice to at least differentiate between personnel with access to deploy images, and personnel with access to log into connected machines as an admin. This is espeically important with RSAs, where remote offices may have an "advanced user" rather than actual helpdesk personnel. The significant problem with allowing people to deploy images is that it also currently grants those people full access to remotely administrate any workstation or server they can reach.

      • Phil CrosbyPhil Crosby commented  ·   ·  Flag as inappropriate

        Take the current idea of Orgs in the K1000 and use it in the K2000. This way users from different departments in the same LAN can manage their own images and not touch anyone elses.

      • BlaiseGBlaiseG commented  ·   ·  Flag as inappropriate

        Why was this functionality not 'built-in'? I cannot think of a single use-case where the 'readonly admin' will be used. Enterprise customers need the ability to segregate who does what--the team that builds the images is not the team that deploys the images in our organization.

        I would give this suggestion 3 votes if I had any leftover.

      • DerekDerek commented  ·   ·  Flag as inappropriate

        Ability to set unique password for separate boot environments will allow people setting up workstations (typically not high level sysadmins) access to that and nothing more. Currently the password to get into KBEs is one of the main passwords for the K2000 itself.

      ← Previous 1

      Feedback and Knowledge Base