Allowed CIDRs for roles and scopes

Abiquo 4.7.2 introduces "allowed CIDRs" for roles and scopes, in addition to the user allowed CIDRs attribute. The user allowed CIDRs attribute is a list of network addresses (in CIDR format) from which the user can log into the platform. In addition to the usual privileges to manage roles and scopes, this feature has a new privilege.

If a user does not have any allowed CIDRs, then the platform will look for allowed CIDRs for the user's role and/or scope. If there are no allowed CIDRs at any level, then the user can log in from any IP address.

When creating or editing a role or a scope, the administrator can enter Allowed CIDRs

Screenshot: Create a scope with Allowed CIDRs.

Screenshot: Create a role with Allowed CIDRs

If a user has a list of allowed CIDRs, then these will have the highest priority. The platform will allow access from these CIDRs.

The Allowed CIDRs of the user's role and scope are called Inherited allowed CIDRs for the user. To display them, edit the user and go to Advanced. The inherited CIDRs will only display if the user has no Allowed CIDRs.

Related links:

• Manage Scopes
• Manage Roles
• Manage Users
• Restrict user access to the platform by networks