How to make multiple groups and multiple clients restricted-access name

[awsmaythem]

Hello
how can I make restricted-access multiple clients?
I saw the #92

but where to put the role
the client or authentication?

I tested 1 client 1 group
example (Zabbix)
in it has a roles called (restricted-access) and in
Groups (group role mappings) (client role) selected (restricted-access) for the Zabbix client
it's working but how to rename each client have different names like
(zabbix01.restricted-access)
(kibana03.restricted-access)

Zabbix01
(roles)=(zabbix01.restricted-access)
and in
(group role mappings)->(client role) selected (zabbix01.restricted-access) for the (Zabbix01 client)

[sventorben]

Hello @awsmaythem,

I am not sure if I really understand what you are trying to achieve here.
Do you want roles to have different names per client? That is currently not possible and I do not think I will support this in the future.
The role restricted-access must be defined per client. Therefore, the role name is the same for all clients that you want to restrict. The client works like a namespace or "scope" for the role. In #92 I used the notation <client_name>.<role_name> (e.g. zabbix01.restricted-access) only to distinguish roles from different clients. I did not want to imply that there is a role with that exact name.
If you want to assign roles from multiple clients to the same group, simply switch the client in the dropdown field and assign the roles as needed.

Best regards
Sven-Torben

[awsmaythem]

you mean i can set (zabbix01.restricted-access) in roles in client and select a group or user assigen a client role to it (zabbix01.restricted-access)

[awsmaythem]

[sventorben]

You do not need the prefix with the role name. The name must be the same for every client. It has to be restricted-access.

For every client that has this role defined, the authenticator will check access permissions.

To allow a user access to multiple clients, you simply need to assign all defined roles (one for every client) to the user.

I currently do not have my notebook with me. I can send some detailed pictures the next days, if that helps.

[awsmaythem]

ok
please show some detailed pictures
i think the prefix is needed for multiple clients and multiple roles , but ok i'll wait

[awsmaythem]

The Problem am having is I have 3 client services (Zabbix and Kibana and ticket system) and have groups like (team zabbix)(team logs)(team ticket)
in (zabbix client) have role (restricted-access) and (team zabbix) but (kibana client) and (team kibana) if it have (restricted-access) in role and group the (team zabbix) can access (kibana client) and (team kibana) can access (zabbix client)
i need a way to separate the role on client and group or users...

[sventorben]

Sorry for the late reply, I was off for a few days.

Let's say you have your three clients.

Add a role restricted-access to every client.

With your three groups, you can now assign the roles to your groups as needed.

Let's take team logs as an example. Open the team and assign role:

As you can see (in the new admin console at least) there are three roles, one per client.

You can now assign a combination of these roles as needed.

In the old admin console it is not that intuitive. You will need to switch clients via the dropdown box:

[awsmaythem]

that explained alot
thank you very much