Add a "low privileged" user role for an integration user to use the "generic event" integration.

Answered

Comments

6 comments

  • Norman
    • Network Optix team

    Hi @...,

    My apologies for our late reply. Unfortunately, I do not entirely understand your request.
    Could you elaborate a bit more on what it is that you would like to have?

    0
  • Permanently deleted user

    In order to send a "generic event" (my use-case) to the server I have to use a REST API and provide valid user credentials. 

    It is not normal in enterprise software to have to use a "normal" GUI user to do an integration.  It would be better if there was a special "integration user" role that permissions could be parceled out to, one that would only be allowed to use certain REST APIs.  A user assigned the "integration user" role should not be able to log in to the GUI at all.

    Today, roles are focused on the GUI and cameras, video walls, archives, PTZ, layouts etc.

    I am asking for a role for an integration user used for REST APIs.

    /dan

    0
  • Norman
    • Network Optix team

    Hi @...

    Besides what is 'normal', please elaborate: what are the downsides, in your opinion?

    0
  • Permanently deleted user

    The downsides are having the credentials of a REAL GUI user, perhaps in the clear, stored in a script, that is simply doing a REST API integration.  Don't make the change for me though - I am not an enterprise. 

    I've seen Cloud APIs use shared tokens for an integration (as does Pushover.net) that does not compromise having to have usernames/passwords at a REST API endpoint.

    I just feel that "secure by default" and "least privileged user" should be ingrained in the culture of your development team by now. :-)

    https://en.wikipedia.org/wiki/Principle_of_least_privilege

    /dan

    0
  • Permanently deleted user

    Dan, you are right, and I believe it is a part of our culture now, but we have some legacy decisions that we are slowly replacing.

    We recommend creating dedicated users for API integration, so that the password is used as a token, essentially, but we have yet to figure out a more optimal way to manage that.

    0
  • Permanently deleted user

    Thanks Evgeny,

    BTW - the "generic event" REST API has worked flawlessly for me for about a year now (using 4.0 server).  I dig "analytics events" out of four Dahua cameras (python script) and send them to the server.

    /dan  

    0
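
Added example, not part of the thread and not Network Optix code: one way to keep the dedicated integration user's password out of the script itself, as the discussion above recommends, by loading it from an owner-only file before sending a generic event. Assumptions: the 4.0-era `/api/createEvent` endpoint with `source`, `caption` and `description` parameters, HTTP digest authentication, and a hypothetical JSON credentials file; the host name, file path and event values are constructed.

```python
import json
import os
import stat
import urllib.parse
import urllib.request


def load_credentials(path):
    """Read {"user": ..., "password": ...} for the dedicated integration user.

    Refuses files that group or others can access, so the password is not
    left as exposed as a constant hard-coded in the script would be.
    """
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        raise PermissionError(f"{path} has mode {mode:o}; expected 600")
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    return data["user"], data["password"]


def event_url(base_url, source, caption, description):
    """Build the generic-event URL (endpoint and parameter names are assumptions)."""
    if not base_url.startswith("https://"):
        raise ValueError("use HTTPS for authenticated API calls")
    query = urllib.parse.urlencode(
        {"source": source, "caption": caption, "description": description}
    )
    return f"{base_url.rstrip('/')}/api/createEvent?{query}"


def send_event(base_url, cred_path, source, caption, description):
    """Send one generic event as the integration user; returns the HTTP status."""
    user, password = load_credentials(cred_path)
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, base_url, user, password)
    opener = urllib.request.build_opener(urllib.request.HTTPDigestAuthHandler(mgr))
    url = event_url(base_url, source, caption, description)
    with opener.open(url, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    # Constructed values: host, credentials path and event fields are placeholders.
    print(send_event("https://nx.example.internal:7001",
                     os.path.expanduser("~/.nx_integration.json"),
                     "dahua-cam-1", "analytics", "line crossing"))
```

The account in the credentials file should be the dedicated integration user with the smallest role the server allows, so a leaked file exposes only that account.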
