(RADIATOR) Digipass token decentralisation, corporate risk assessment

Bosse Klykken bosse at linpro.no
Wed Aug 3 06:00:57 CDT 2005


On Fri, Jul 29, 2005 at 11:04:42PM +1000, Mike McCauley wrote:
> Radmin currently enforces some permission restrictions when doing operations 
> on Digipass tokens. Generally speaking the administrator must have the USER_E 
> (user edit) permission to Allocate, Deallocate, Reset the token etc.
> 
> This could be segmented into more fine-grained permissions for different 
> operations by modifying cgi-bin/private/showDigipass.pl, and adding the 
> appropriate permissions to the Radmin permissions database.

Thanks, Mike. For the benefit of Googlers, this is what I had to do to make
this work:

---8<---
# echo "insert into RADPERMISSIONS values (NULL, 'USER_U', 'Unblock Digipass')" \
| mysql -u$SQLUSR -p$SQLPWD radmin

# diff -u showDigipass.pl.old showDigipass.pl
--- showDigipass.pl.old 2005-08-03 12:25:44.000000000 +0200
+++ showDigipass.pl     2005-08-03 12:36:37.000000000 +0200
@@ -114,7 +114,7 @@
 }
 elsif ($Radmin::CGIUtil::q->param('_action') eq 'Unlock')
 {
-    &Radmin::CGIUtil::checkPermission('USER_E');
+    &Radmin::CGIUtil::checkPermission('USER_U');
     my $tokencode = $Radmin::CGIUtil::q->param('TOKENCODE');
     if (defined $tokencode)
     {
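Review bot: in the Unlock branch, USER_U replaces USER_E rather than being accepted alongside it, so administrators who hold only USER_E lose the ability to unlock tokens once this is applied. The accompanying insert only defines USER_U in RADPERMISSIONS; the permission still has to be granted to each administrator who should unlock tokens, including those who hold USER_E today. The string passed to checkPermission must match the inserted name exactly, and the call's result is not tested here, as before the change, so the branch depends on checkPermission stopping the request itself when the permission is missing.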
---8<---

.../Bosse
-- 
Bosse Klykken, operations consultant
Linpro AS - http://www.linpro.no
