sftpgo icon indicating copy to clipboard operation
sftpgo copied to clipboard

Published 20 hours ago verified publisher icon drakkan

Feature request : Role account manager

Open glasserre-pdw opened this issue 2 years ago • 4 comments

Hello. I have a need, maybe can be interesting / usefull for others : possibility to distinct a super admin role and admin role => account manager. Super admin will access to everytihing of course. Admin / Account manager will be allow to manage only users created by itself.

Explanation : in my case, i want to delegate an access to some users to create/update/delete user accounts, but i would like they don't have access to accounts created by IT members or other admin / account managers.

Bonus : Force user created by an admin / account manager with a template for expiration date (creation date + 2 month for example), force path of the user home_dir to a specific folder (/sftp/GroupA/%user_name%, specific permissions, specific protocol allowed, etc ...

glasserre-pdw avatar May 15 '22 14:05 glasserre-pdw

Hello,

this feature was already discussed in the past as "multi tenancy" and with other similar terms. It requires time and efforts for a proper design and implementation. I don't have infinite free time. Users who have requested this feature in the past disappeared as soon as I said it required sponsorship :smile:

Side note: the development version supports groups, you can set parametric home path, permissions and virtual folders just adding your users to a group

drakkan avatar May 15 '22 14:05 drakkan

Hi,

side note: Im glad I saw this request, Multi-Tenancy might be something we are interested in, I will know more in the next few months. I'm sure there wont be a problem to do some sponsorship if this feature request is something we would need. ;)

MetUys avatar Jul 18 '22 08:07 MetUys

I honestly don't like this attitude. If I stop maintaining SFTPGo it would become obsolete in a few years and you would have to pay for a similar proprietary product that you cannot see the code of, do security auditing and which maybe is also developed in Go and which uses the code written by me in the various external libraries needed by SFTPGo (golang/crypto, pkg/sftp, ftpserverlib etc).

You should sponsor the project you use to keep it healthy and well maintained even if you don't need new features. But this is probably an ideal world, in the real world everyone takes everything he can without giving anything back.

drakkan avatar Jul 18 '22 08:07 drakkan

I agree with you. Sorry if I didn't give a full breakdown of what my comment entails. So herewith:

We are not using the SFTPGo product currently. We had interest a year ago for a service and we looked at Sftpgo as a component of that service, we ran a POC, but client went quiet so was a non-starter.

We have a new project and client and because we liked what we saw in the sftpgo service are looking to use it again. We are still in discussions on scope of work. I looked at what has happened on the Sftpgo development since our last investigation (and there has been alot, so great work) and stumbled onto this multi-tenant topic. 

Regarding the comment about sponsorship: if this client is a go, sponsorship costs will be factored into that deal. That's why my comment was that it wouldn't be a problem but will only know in a few months time.

As you said without sponsorship the projects can easily stall which poses risks for the project deliverables. 

I trust this puts you in alignment, understanding and a bit at ease.

PS: sorry for the extra comments that have deviated off topic here. feel free to delete.

MetUys avatar Jul 18 '22 09:07 MetUys