sshGate icon indicating copy to clipboard operation
sshGate copied to clipboard
verified publisher icon Tauop

Create ACL to allow users to add a target

Open rvrignaud opened this issue 15 years ago • 6 comments

Hello, It would be nice to create an ACL to allow some users to add a target. Maybe it would be interesting to design a whole ACL system for adding / deleting target, user, usergroup; granting access, etc ...

Thx in advance.

rvrignaud avatar Jan 11 '11 17:01 rvrignaud

Hi Romain, Please make proposition, and if it is not too complex, we could think of some sort of delegation :-)

Tauop avatar Jan 27 '11 16:01 Tauop

Hi,

Here is my frequent use case : LRS users should be able to add a target and allows access to external users.

It's a frequent use case when one creates a virtual machine. And it's also a painful one for the virtual machine creator, who cannot announce availability of the machine, despite it's up and running.

Regards,

Coren avatar Mar 17 '11 15:03 Coren

Hi,

Add a target is not a problem Add an access can be a problem.

What I can propose is to allow to crete a new target and give access to one/more users at the same time. If your collegue miss one people, he has to ask an sshGate admin to give access.

What about this solution ?

Tauop avatar Mar 17 '11 15:03 Tauop

it seems quite usable for use case. With this process, you'll have to allow "add a new user" too.

Coren avatar Mar 18 '11 09:03 Coren

"add a new user" can be a security hole :-/

Tauop avatar Mar 18 '11 09:03 Tauop

Not if this user is already in the ldap. You can make a simple search with cli tool like ldap-search.

Regards,

Loiseleur Michel Directeur LRS Linagora / 80, rue Roque de Fillol / 92800 PUTEAUX Tel/Fax : +33 1 46 96 63 63 / +33 1 46 96 63 64 http://www.08000linux.com/ | http://www.tosca-project.net "Ce n'est pas le logiciel qui est libre, c'est vous"

Coren avatar Mar 18 '11 10:03 Coren