I'm trying to lock down access to the designer and gateway pages based on a combination of roles and security zones. For simplicity, let's just say the role is Administrator and the two security zones are trusted_ips and localhost.
Most of the config on the two security zones is similar, but localhost is my last-ditch fallback that allows un-secured connections while trusted_ips requires secured connections, so I can't combine them into one zone without giving up some of those restrictions.
Once I switch the designer authentication to identity provider, I can set the permissions fields to a combination of roles and security zones, but I can't make something like:
Authenticated/Roles/Administrator AND (SecurityZones/localhost OR SecurityZones/trusted_ips)
I know I could get almost what I want by making one security zone covering both IP sets and dropping the secure connection requirement, but is there a better way to get everything I want?
I vaguely remember in the past I've seen mention of a "combined" role/zone security level concept, but I can't seem to find that now. Is there some way to make a Administrator/trusted_ips level and a Administrator/localhost level and I could both of those in the permissions with a simple OR config?