asterisk users - Sep 2012 - AMI Permissions, "all" means different things?

Hi!

I'm trying to limit the permissions for a AMI-account. But I'm a little 
bit confused by the permissions. The commands I use are (output from 
"manager show commands", btw: privilege col seems cropped?):

   Action           Privilege        Synopsis
   Redirect         call,all         Redirect (transfer) a call.
   Originate        originate,all    Originate a call.
   Getvar           call,reporting,  Gets a channel variable.


If I put this in my manager.conf:

[pbx_ami]
secret = ***
deny=0.0.0.0/0.0.0.0
permit = x.x.x.x/255.255.255.255
write=originate,call
read

I get this ("manager show user pbx_ami"):

        username: pbx_ami
          secret: <Set>
             acl: yes
       read perm: <none>
      write perm: call,originate,all
displayconnects: yes



Where does the "all" permission come from? However, If I change the
row
in manager.conf to "write=originate,call,all" the output is:

        username: pbx_ami
          secret: <Set>
             acl: yes
       read perm: <none>
      write perm: 
system,call,log,verbose,command,agent,user,config,dtmf,reporting,cdr,dialplan,originate,agi,cc,aoc,test,all
displayconnects: yes


Can someone explain this please?

Thanks!

-- 
Johan Wilfer

On Sep 7, 2012, at 1:49 AM, Johan Wilfer wrote:
> Hi!
> 
> I'm trying to limit the permissions for a AMI-account. But I'm a
little bit confused by the permissions. The commands I use are (output from
"manager show commands", btw: privilege col seems cropped?):
Yes, sadly it is.
>  Action           Privilege        Synopsis
>  Redirect         call,all         Redirect (transfer) a call.
>  Originate        originate,all    Originate a call.
>  Getvar           call,reporting,  Gets a channel variable.
> 
> 
> If I put this in my manager.conf:
> 
> [pbx_ami]
> secret = ***
> deny=0.0.0.0/0.0.0.0
> permit = x.x.x.x/255.255.255.255
> write=originate,call
> read> 
> 
> I get this ("manager show user pbx_ami"):
> 
>       username: pbx_ami
>         secret: <Set>
>            acl: yes
>      read perm: <none>
>     write perm: call,originate,all
> displayconnects: yes
> 
> Where does the "all" permission come from?
Probably just a bug in the 'manager show user' command. The user
doesn't have all the permissions, so 'all' shouldn't show up in
the list. If it's not already in the issue tracker, please file a bug[1].

 [1]: https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines
> However, If I change the row in manager.conf to
"write=originate,call,all" the output is:
> 
>       username: pbx_ami
>         secret: <Set>
>            acl: yes
>      read perm: <none>
>     write perm:
system,call,log,verbose,command,agent,user,config,dtmf,reporting,cdr,dialplan,originate,agi,cc,aoc,test,all
> displayconnects: yes
> 
> Can someone explain this please?
This is at least looks correct. The 'all' permission is a superset of,
well, all the permissions. The 'write=all' line in manager.conf assigns
all of these permissions to the user.
> Thanks!
> 
> -- 
> Johan Wilfer
-- 
David M. Lee
Digium, Inc. | Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at:  www.digium.com  & www.asterisk.org