|
|
[Limiting PassThru to Specific Groups in LP8]
Greg Willits, December 19, 2004 The PassThru tag from ExecuChoice.net provides access to the server command line from Lasso. With earlier versions of Lasso Professional, the PassThru installer included the ability to limit use of PassThru to specific Lasso security groups. With the advent of Lasso 8 and the switch from MySQL to SQLite, the PassThru installer no longer includes the additional steps of creating a group to contain access to PassThru. The steps below show you exactly what to do to bring this capability back. What we're going to do is register the PassThru tag as requiring security management by the Lasso server. We'll install PassThru as a server-wide available tag, then limit its use to specific sites and groups within those sites. It is fairly simple, so no worries. Step 1: Install PassThruAs of Lasso 8.0.0, you can use PassThru 2.5.7 which may be labeled for LP7 use, but it also works with LP8. If you install PassThru from scratch, as of this writing it will create a folder named Lasso Professional 7 (if it does not exist). In that folder, you'll find /LassoModules with the file PassThru.dylib in it. That file needs to be moved to /Lasso Professional 8/LassoModules. See Figure 1. Step 2: Create PassThru Tag RecordLog into ServerAdmin.LassoApp. Click the top level Utility tab. Click the SQL tab if not already highlighted. The selections in SQL Query Browser should look like those in Figure 2. UPDATE NOTE: for Lasso 8.1 and 8.5 the database is lasso_global and not lasso_internal. Just so you see what we're doing, type the following into the SQL Statement field: SELECT * FROM security_tags and click the Issue SQL Statement button. You should see something similar to Figure 3. What we're going to do is add PassThru to that list. Type the following into the SQL Statement field: INSERT into security_tags (id_site, name, enabled) and click the Issue SQL Statement button (see Figure 4). Enter the SQL statement we did for Figure 2 and you should see a new record for PassThru. Make note of the ID column value for the PassThru record. Step 3: Find Group ID in SiteLog into SiteAdmin.LassoApp for the Lasso site (i.e. default) that you want to allow PassThru to be used in. Click the top level Utility tab. Click the SQL tab if not already highlighted. The selections in SQL Query Browser should look like those in Figure 5. Type the following into the SQL Statement field: SELECT * FROM security_groups and click the Issue SQL Statement button. You should see something similar to Figure 5. Make note of the group ID that you want to allow to use PassThru. Step 4: Add Group to Tag Security TableNow, assuming a PassThru tag ID of 61 and a group ID of 4 for example, enter the following in the SQL Statement field as shown in Figure 6 (use your actual numbers to replace the 4 and 61 examples): INSERT into security_group_tag_map (id_group, id_tag, allow_exec) To see the record you have entered, enter the following SQL statement: SELECT * FROM security_group_tag_map Step 5: Repeat for each Group/SiteRepeats steps 3 and 4 and add a record to the security_group_tag_map table for each group you want to access PassThru. To add access to groups in other sites, log into the SiteAdmin.LassoApp for each site needed. Step 6: Restart LassoServicePassThru should now be limited to just the groups you've created records for in the security_group_tag_map table(s). Thanks to Fletcher at Omnipilot for the detailed info about the admin tables and queries. |
Articles |
