Zenarmor User Permissions help

Started by wired2network, July 07, 2023, 02:04:56 AM

Previous topic - Next topic
I am trying to allow a Normal User to have access to the Zenarmor Policies section. I have updated the configuration in usr/local/opnsense/mvc/app/models/OPNsense/Sensei/ACL/ACL.xml file with:

        <page-sensei-policies>
            <name>Zenarmor: Policies</name>
            <patterns>
                <pattern>ui/sensei/#/policies/*</pattern>
                <pattern>api/sensei/query/*</pattern>
                <pattern>api/sensei/policy/*</pattern>
                <pattern>api/sensei/settings/*</pattern>
                <pattern>api/sensei/service/*</pattern>
                <pattern>api/sensei/engine/*</pattern>
                <pattern>api/sensei/update/*</pattern>
                <pattern>api/sensei/tools/*</pattern>
            </patterns>
        </page-sensei-policies>

Once added, the User permissions shows this as an available option to add to a Normal User, but the option doesn't show up in the sidebar once the permission has been granted to the user. *rebooted to verify, also added to User Group with no avail.

I followed the UI scheme identified in the /tmp/opnsense_menu_cache.xml:

       <Policies order="40" VisibleName="Policies" url="/ui/sensei/#/policies" cssClass="fa fa-exchange fa-fw"/>

and the policy shows up in the /conf/config.xml under the user's profile. Can anyone help me figure out why the Policies option isn't showing up in the sidebar for my Normal User after I've added the permission to the profile?

I tried adding this configuration change and all the options showed up:

   <page-sensei>
            <name>Zenarmor: </name>
            <patterns>
                <pattern>ui/sensei/*</pattern>
                <pattern>api/sensei/query/*</pattern>
                <pattern>api/sensei/policy/*</pattern>
                <pattern>api/sensei/settings/*</pattern>
                <pattern>api/sensei/service/*</pattern>
                <pattern>api/sensei/engine/*</pattern>
                <pattern>api/sensei/update/*</pattern>
                <pattern>api/sensei/tools/*</pattern>
            </patterns>
        </page-sensei>

This leads me to believe that the issue is the page identification </page-sensei-policies> that is the error, any help identifying this landing pages title would be greatly appreciated!

Hi,

In the current version, Zenarmor allows you to privilege Dashboard and reports yet. The others menu will be implemented step by step for the upcoming releases.



Sy,

I really appreciate your response and am excited to for those updates! I will continue to work with using the full permission ACL that I had tested above for now!