User Device Access Permissions

Background

The on-prem Vista Manager has so much flexibility in assigning device permissions to users that mongo queries would become too slow in larger networks. This happened because the mongo queries needed to list out the bespoke set of device ids each user happened to have access to, with no shorthand possible, as the candidates for one (like site or group id) are not part of all stored data.

Planned solution for One Connect

The following restrictions will allow some limited flexibility in assigning device permissions to users while keeping mongo queries performant:

  • Users can only see network management displays for one organization's devices at a time.
  • Users will be assigned a set of locations within that organization that are accessible to them.
  • For network management config/data storage there is one mongo database per organization.
  • All network management data stored for the devices in an organization is stored with a location id field.
  • 'On boarding' provides access to location ids for each device.
  • All mongo queries will be for a singular organization and a set of location ids.
  • It's expected that the number of locations within any organization will be small and will not run into the hundreds.
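
One way to enforce the "single organization plus a set of location ids" rule when building queries, as an added sketch that is not One Connect code. The field name locationId, the UserScope type and the sample records are assumptions; matches() is a small stand-in for MongoDB's own matching so the example runs without a database.

```python
from dataclasses import dataclass

class ScopeError(Exception):
    """The request cannot be confined to the user's assigned locations."""

@dataclass(frozen=True)
class UserScope:
    org_id: str              # selects the per-organization database (assumed name)
    location_ids: frozenset  # locations in that organization assigned to the user

def scoped_filter(scope, extra=None, requested_locations=None):
    """Return a MongoDB filter restricted to the user's locations (fails closed)."""
    allowed = set(scope.location_ids)
    if requested_locations is not None:
        allowed &= set(requested_locations)  # a request can narrow, never widen
    if not allowed:
        raise ScopeError("no accessible locations")  # never fall back to 'all'
    clauses = [{"locationId": {"$in": sorted(allowed)}}]
    if extra:
        clauses.append(dict(extra))  # ANDed, so it cannot replace the scope clause
    return {"$and": clauses}

def matches(doc, flt):
    """Tiny stand-in for MongoDB matching: equality, $in and $and only."""
    for key, cond in flt.items():
        if key == "$and":
            ok = all(matches(doc, c) for c in cond)
        elif isinstance(cond, dict) and "$in" in cond:
            ok = doc.get(key) in cond["$in"]
        else:
            ok = doc.get(key) == cond
        if not ok:
            return False
    return True

# Constructed sample records standing in for one organization's database.
DOCS = [
    {"deviceId": "d1", "locationId": "loc-a", "type": "switch"},
    {"deviceId": "d2", "locationId": "loc-b", "type": "switch"},
    {"deviceId": "d3", "locationId": "loc-c", "type": "router"},
]

def visible_devices(scope, extra=None, requested_locations=None):
    flt = scoped_filter(scope, extra, requested_locations)
    return [d["deviceId"] for d in DOCS if matches(d, flt)]

if __name__ == "__main__":
    user = UserScope("org-1", frozenset({"loc-a", "loc-b"}))
    print(scoped_filter(user, {"type": "switch"}))
    print(visible_devices(user, {"locationId": "loc-c"}))  # out-of-scope location
```

Because the scope clause is ANDed with any caller-supplied conditions, a condition naming a location outside the user's set matches nothing rather than widening access, and an empty location set raises instead of producing an unscoped query.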

It is yet to be determined how feature based permissions (if any) layer on top of this.