Feature #4580

closed

Streamline user management workflows

Added by Pavel Kácha about 5 years ago. Updated about 3 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Development - GUI
Target version:
Start date: 01/22/2019
Due date:
% Done: 0%
Estimated time:
To be discussed:

Description

Umbrella issue for handing user management over to security teams themselves. We'll split subissues or dependent issues as needed and as feasible from discussions.

Problem: Users are accepted into Mentat arbitrarily based on federation data and knowledge of CESNET-CERTS, which is scarce and incomplete (often a wild guess).

Current state:

  • user not assigned to group sees all the events (through alerts search) - ok for researchers or special cases
  • group member sees reports, graphs, rules, list of group members
  • group manager can add/remove users of the group, add/remove managers of the group

When an unknown user comes to the Mentat login page, it allows them to register. Registration is then reviewed by Mentat admin (sic), who enables the user and potentially adds him into some group.

Idea

  1. On registration, the user chooses their abuse group (or none), and will also be allowed to fill in a free text area for special cases.
  2. If a group is chosen, the group admin gets the message and it's up to him to accept the user into his group or promote him to group admin.
  3. If not, or the group admin is unknown, the main admin is notified. Note that it probably is not a good idea to bother Mentat admin; there should be the possibility of a "secretary" admin contact, or leverage network hierarchy.

"Secretary" admins (CESNET-CERTS) will thus appoint only group admins and solve special cases (group admin leaves org/group loses admin, user is not group member, but only a researcher or so).

The hole remains on how to verify group admins - that will most probably have to stay in the hands of "secretary" admins.

What to do

Open for discussion.

  • Add group chooser into registration page.
  • Add freetext area into registration page.
  • Implement mail notification (notify group admin or "secretary" admin).

Related issues

Related to Mentat - Feature #5762: Simplify group member management for group managers (Closed, Jan Mach, 09/02/2019)
