Abiquo 4.7.2 introduces "allowed CIDRs" for roles and scopes, in addition to the user allowed CIDRs attribute. The user allowed CIDRs attribute is a list of network addresses (in CIDR format) from which the user can log into the platform. In addition to the usual privileges to manage roles and scopes, this feature has a new privilege.
Privileges: Manage role and scope allowed CIDRs
If a user does not have any allowed CIDRs, then the platform will look for allowed CIDRs for the user's role and/or scope. If there are no allowed CIDRs at any level, then the user can log in from any IP address.
When creating or editing a role or a scope, the administrator can enter Allowed CIDRs
Screenshot: Create a scope with Allowed CIDRs.
Screenshot: Create a role with Allowed CIDRs
If a user has a list of allowed CIDRs, then these will have the highest priority. The platform will allow access from these CIDRs.
The Allowed CIDRs of the user's role and scope are called Inherited allowed CIDRs for the user. To display them, edit the user and go to Advanced. The inherited CIDRs will only display if the user has no Allowed CIDRs.
Related links: