Text only | Text with Images

OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: wired2network on July 07, 2023, 02:04:56 AM

Title: Zenarmor User Permissions help
Post by: wired2network on July 07, 2023, 02:04:56 AM
I am trying to allow a Normal User to have access to the Zenarmor Policies section. I have updated the configuration in usr/local/opnsense/mvc/app/models/OPNsense/Sensei/ACL/ACL.xml file with:

        <page-sensei-policies>
            <name>Zenarmor: Policies</name>
            <patterns>
                <pattern>ui/sensei/#/policies/*</pattern>
                <pattern>api/sensei/query/*</pattern>
                <pattern>api/sensei/policy/*</pattern>
                <pattern>api/sensei/settings/*</pattern>
                <pattern>api/sensei/service/*</pattern>
                <pattern>api/sensei/engine/*</pattern>
                <pattern>api/sensei/update/*</pattern>
                <pattern>api/sensei/tools/*</pattern>
            </patterns>
        </page-sensei-policies>

Once added, the User permissions shows this as an available option to add to a Normal User, but the option doesn't show up in the sidebar once the permission has been granted to the user. *rebooted to verify, also added to User Group with no avail.

I followed the UI scheme identified in the /tmp/opnsense_menu_cache.xml:

       <Policies order="40" VisibleName="Policies" url="/ui/sensei/#/policies" cssClass="fa fa-exchange fa-fw"/>

and the policy shows up in the /conf/config.xml under the user's profile. Can anyone help me figure out why the Policies option isn't showing up in the sidebar for my Normal User after I've added the permission to the profile?
Title: Re: Zenarmor User Permissions help
Post by: wired2network on July 07, 2023, 04:39:00 AM
I tried adding this configuration change and all the options showed up:

   <page-sensei>
            <name>Zenarmor: </name>
            <patterns>
                <pattern>ui/sensei/*</pattern>
                <pattern>api/sensei/query/*</pattern>
                <pattern>api/sensei/policy/*</pattern>
                <pattern>api/sensei/settings/*</pattern>
                <pattern>api/sensei/service/*</pattern>
                <pattern>api/sensei/engine/*</pattern>
                <pattern>api/sensei/update/*</pattern>
                <pattern>api/sensei/tools/*</pattern>
            </patterns>
        </page-sensei>

This leads me to believe that the issue is the page identification </page-sensei-policies> that is the error, any help identifying this landing pages title would be greatly appreciated!
Title: Re: Zenarmor User Permissions help
Post by: sy on July 11, 2023, 02:50:48 PM
Hi,

In the current version, Zenarmor allows you to privilege Dashboard and reports yet. The others menu will be implemented step by step for the upcoming releases.


Title: Re: Zenarmor User Permissions help
Post by: wired2network on July 11, 2023, 04:05:45 PM
Sy,

I really appreciate your response and am excited to for those updates! I will continue to work with using the full permission ACL that I had tested above for now!

Text only | Text with Images