1

ACL suggestions and hiding password in general tab

(edited by m.iliev 05/06/2020 01:37:21)

Topic: ACL suggestions and hiding password in general tab

Hello,
I was testing SMS commands for configuring or waking up Teltonika devices when i found that Wialon is sending two spaces before the command even when i put the access password in the command window and not in the General tab password field. Therefore the command is not working. The spaces are needed when there is no password assigned for the device.
The problem is that i have to put the password in the general tab and everyone will see the password because view connectivity settings contains device type, UID, phone, access password and messages filter. I don't want to limit the other people from viewing what devices they have installed or what is their IMEI number, because they bought them and this will help them find specific device in a vehicle. We are managing the devices so the password showing for everyone is a security bridge.
I am posting here for a suggestion to hide password access with ACL checkbox or a checkbox to disable two spaces before sending a SMS command, so that way the command can contain the actual access password.
There are other ACL that have to be redone.
For example:
Create, edit, and delete geofences, jobs, notifications, drivers, report templates, etc. In general every ACL that contain the create, edit, delete must be separate.
We have specific reports for every company we manage and we want them not to be deleted, but the reports must be visible for the company so they can be run manually. The same is for the drivers, jobs and other items.
We also want to give the opportunity for testing their own reports, but we already tried giving rights for reports and someone deleted the reports that were created by us and wasn't supposed to be deleted.
There is a possibility to make reports and other items in one account above all companies so that way it won't be visible. But this means that every report must be duplicated in the company account too and there will be many duplicates that will make work less efficient.
Regards,

2

ACL suggestions and hiding password in general tab

Re: ACL suggestions and hiding password in general tab

Dear m.iliev,

I apologize it took us so long to provide you with the feedback on your request.

As far as I understand, when testing SMS commands for Teltonika devices you found out that it is required to enter device access password in the Password field in the unit properties. Otherwise, the system sends two spaces and it is impossible to enter the password somewhere in the command field/text, it should be provided specifically in the unit properties. This means that every user that has is granted with the 'view connectivity settings' right, will be able to view this password as well as device type, unique ID and phone number.

For us device access password goes hand in hand with other connectivity settings, that's why we view it as logical that there is one right that unites access to all of these data.

---

In regards to dividing creating, editing and deleting rights into separate ones, I can say that it is hardly possible to imagine the case when one user will be allowed to create reports but not delete them. These both rights seem to be on the same level of managing data.

m.iliev wrote:

We have specific reports for every company we manage and we want them not to be deleted, but the reports must be visible for the company so they can be run manually. The same is for the drivers, jobs and other items.

If you want these users to only view the report templates, just assign them the corresponding right - 'View report template'. Having it, they will not be able to delete any of the templates.

Maria Starikova,
Wialon Hosting Product manager, Gurtam
3

ACL suggestions and hiding password in general tab

(edited by m.iliev 10/02/2020 15:32:10)

Re: ACL suggestions and hiding password in general tab

mars wrote:

Dear m.iliev
For us device access password goes hand in hand with other connectivity settings, that's why we view it as logical that there is one right that unites access to all of these data.

Yes password is a connectivity setting but concerning the security of the device it shouldn't be displayed. The user sometimes must have the IMEI and the device type so he will know what device is installed but it mustn't know how to manage the device. If he knows the password he can alter the setting of the device. It is a security bridge to not having an option to hide it.

mars wrote:

Dear m.iliev
In regards to dividing creating, editing and deleting rights into separate ones, I can say that it is hardly possible to imagine the case when one user will be allowed to create reports but not delete them. These both rights seem to be on the same level of managing data.

If you want these users to only view the report templates, just assign them the corresponding right - 'View report template'. Having it, they will not be able to delete any of the templates.

You are right but there must be reports, jobs, notifications and drivers that we must create and manage but still the people must have the ability to create their own but not delete ours.
When company account is created it creates a user that will have all the reports, jobs, notifications, drivers etc. this user is a creator of all the users in the company. These users must see the reports but not delete them.
Now i tested a workaround with different configuration. I Created a resource with creator the main user of the company. That way the users can create their own reports in this resource but not delete ours in the company user.

4

ACL suggestions and hiding password in general tab

Re: ACL suggestions and hiding password in general tab

So no one is interest at hiding the password at general tab somehow ?
This is a big security problem. We are forced to show the password to the clients... The clients must know what device with IMEI they have installed in the vehicle but must not know the password for configuring it.