Transcript
Okay, this is a beta release channel, right? So, and there's some beta features here that we want your help testing. We want the feedback about this. They're features that have been long awaited and it's a feature of role-based access control, right? So, you can now control who can do what inside of PDQ Deploy and PDQ Inventory. Okay, a couple of questions. What version were they on when you started? Do you remember? My goodness, I'm trying to remember. Version two? No, it was, no, eight, seven, seven, seven or eight. Okay, sorry, go ahead, continue. Yeah, it was version seven or eight. And internally, we've been talking about role-based access control for, I don't know, eight years. Okay. Pretty much, we mentioned yesterday, we were in the old building back when we were first formulating this. So, like I said, this is beta. This is early access. To get into it, join Discord, get into the Deploy and Inventory beta channel, and you can get version 20 out of that and you can test it yourself. Link is in the chat right now. Thanks so much, Kelly. Additionally, anyone who does that and gives us some really good feedback and the person who reads it is in a good mood and they happen to find it, we'll send you some socks. Wow. Right? So, there's some incentive to go in and try and break it, try and tell us what's missing, what's not missing, what you find useful, what's not useful, all kinds of that, we wanna know. Okay. Okay, let's show it, should we? Yes. Okay, but first, we're gonna show the other new feature because there's another one here too. You're really dragging this out, Josh. Look, you only get to do this one time. Man, okay, go ahead. So, it's the audit log. This is also new in this version, right? So, this audit log that I'm in right now, ooh, I need to actually switch because I'm in the wrong one. I need to go over here. I swear I logged on this morning and timed out. I'm so sorry. That's okay. We're back. All right, let's jump into the audit log here and you can see everything that our user, Randy Marsh, has been doing. Okay? So, you can see that Randy Marsh has edited some user roles from yesterday. Wonder why. Maybe created a collection called Josh's collection. The audit log does not report on anything that is system generated. So, think deploy schedules or scheduled scans. Those aren't gonna show up here. What's gonna show up here is everything that a user might do. So, think of these two things now together. I've got an audit log and I've got roles-based access control. So, I can control and also check to make sure that my controls are working and people aren't doing what they're not supposed to do. Ooh, okay. So, I can spy on my junior people and see what they're up to. Yeah, exactly. Okay. To get to any preferences on the audit log, it's just from there, edit preferences. It uses nlog under the hood so you can use this advanced configuration file. We're not gonna dive into that today, but you can. You can start streaming these logs to Sims, to databases, to files in the format you want. You can start dumping all of that out. Okay. Okay, let's get to what we really wanna get to, which is role-based access control. RBAC. Everything is controlled via PDQ inventory. Okay. So, even the RBAC for PDQ deploy is defined inside of inventory. Got it. The only thing that you can do inside of deploy, we'll bounce over there and show you, is you can view what your current console user can do. These are tied to console users. And you can turn off RBAC, right? That's all you can do here. So, we're gonna live in inventory to show this, okay? Okay. You can see I've got two console users here. I've got Randy Marsh, which is our background service user, default console user, and we'll default to the super user role. The super user role can do everything. And then we've got another console user who I've just happened to call Helpdesk. Helpdesk and any new console users, when you enable this will default to the default role. Okay. The default role cannot be edited and it cannot do anything. Okay. So, that's an important call out. When you upgrade and you enable this, do it as the background service user, or else you're gonna get yourself in a point where you're like, I can't do anything. So, do it as a background service user, log in, and then we're gonna create a role. Okay. So, let's go create a role, should we? Yes, I want to. Okay. Let's call one called Helpdesk right here. What do we want this person to be able to do? Probably not much. This is gonna be a level one Helpdesk person, so we're gonna lock it down pretty heavily. Okay. We want them to maybe manage deployments? Yes. Anything else? I don't think so. We don't want to modify any deployments. We don't want to modify packages. No, no, no. Just send deployments, that's it. Okay. We just want them to do that. Okay. Yes. So, we're gonna create our role. It's called the same thing as the other, it's Helpdesk. Is that a problem? Nope. Okay. Because this is my console user named Helpdesk, and now I've got a role named Helpdesk. Okay. And then we're gonna come back here, and we're gonna assign that role here. Okay, so now I'm gonna switch gears here, and I'm gonna jump into, oops, this one. Okay. Where I am, and I'll bring up a, who am I? I am Helpdesk. I am now that user, and I'm on Cocoa Pebbles. Now, if you look, if I wanted to do something like, edit this collection. You don't have to log out? No. Oh. These are live. Oh, that's nice. These happen in real time, right? So, I can't, this current user doesn't have permission to modify collections, because I didn't give it access to do anything, but I can still read the data here. But we did give Helpdesk the ability to deploy a package, right? So, it can deploy GIMP here, for example, to itself. And I can't, notice I can't delete. Maybe I want them to be able to delete, okay? Okay. So, we're gonna switch gears again. We're gonna come back over here. We're gonna define another role here, to where it can modify package, and modify collections, apply it. We're gonna come back again over here, and now, look at that. Now, I can. It happens that fast? It's that fast. As soon as you change it, oh, wow. Love that. Yep, yep. Okay. Now, check out what's in here. Now, in my audit log, I can't view other users' audit logs, but I can view the things that I did. But if you're the super user, you could view everybody's. Then, I see everybody's, right? Love it. Okay, and what else do we do? I think we said that we could now modify collections. Yes, you did. All right, so now, that lock is out of here, and I can add another filter, and computer, online, or we can just do something like this, and blow this whole thing up. Oh, I love that. Okay. Oh, that's nice. Okay. There we go. That is a very quick, brief tour of role-based access control inside of PDQ Deployment Inventory. I love it. Again, this is only available in the beta. If you wanna get the beta, join Discord, join the Deployment Inventory beta channel, and let us know what you think. You might win some socks. Okay, thank you. ♪♪♪