workspaces-issues
workspaces-issues copied to clipboard
kasmtech
[Feature Request] - Workspace-, Group- and User-Permissions overhaul
Existing Resources
- [x] Please search the existing issues for related items
- [x] Consult the product documentation : Docs
- [x] Consult the FAQ : FAQ
- [x] Consult the Troubleshooting Guide : Guide
- [x] Reviewed existing training videos: Youtube
Is your feature request related to a problem? Please describe. Okay - This might open a pandoras box and I understand that there is no "one-size-fits-all" way to this, but maybe this can be done in the suggested way. :) I am trying to be as clear as I can, but English is not my first language, so bear with me a bit please. The underlying problem is that Workspaces are created for various reasons, applications and people. Right now we can only set permission for user-groups, which is a bit clunky when it comes to setting up various workspaces for various applications. Additionally I have a cae where I have a workspace in which I develop my SaaS-Project which works with personal data (like adresses, phone numbers, e-mailadresses - you name it). In this workspace I need other protections active than in the one which I use to interact with my AIs or the one I'm using for my own office-related stuff (like accounting). Maybe I wanna setup a workspace for my son to do his homework in and maybe one with some games, which I want to restrict a bit.
Describe the solution you'd like I would love to have Kasm's permissions in some sort of "level" where some levels are able to override others.
- Group-Settings
- If group A allows permission X and group B disallows permission X -> if user 1 is in A + B he is allowed for permission X
- Workspace-Settings
- This is where it get's a bit tricky... Remember my workspace with personal data? I don't want the user-settings or the group-settings have an expire-time > 60 when idle...
- My proposal would be that workspace-settings use the group-settings as default, but can have custom settings that override the group-settings (f.e. webcam, uploads, download, etc.)
- Plus add a checkbox that works like "allow usersettings to override this setting" which is checked by default
- User-Settings
- Here you can override any group-settings. Everything in here uses the group-settings as default values, so only specific set user-rules need to be applied.
- if allowed, user-settings can override workspace settings.
I'm giving a theoretical scenario for my suggestion as well, so it becomes a bit clearer: Given we have the users "alfred" and "bella". All users are in the group "company", which allows webcam usage, uploads and downloads. Since "bella" is a new user, she has downloads disallowed in her user-settings. We trust Alfred, so he has a user-setting that allows downloads no matter what the group-permissions say. Now let's look at some workspaces and what happens when those two users create a session:
- Workspace A which is for office-stuff, has no custom set permissions.
- Alfred: Since the "company"-group allows the usage of webcams, uploads and downloads, he can do all 3 of them
- Bella: Since her user-setting does not allow downloads, she can use the webcam and upload files, but that's it.
- Workspace B has a setting which does not allow downloads and can not be overwritten by user-settings (see suggested checkbox)
- Alfred: He can upload files and use a webcam, as per group-definition, but can not download files, even if his user-setting allows it.
- Bella: Same as Alfred
- Workspace C - Same as Workspace B, but "allow downloads" can be overwritten by user-settings
- Alfred: He can use a webcam, upload- and download files.
- Bella: She can use a webcam, upload files, but that's it.
Describe alternatives you've considered None really tbh... I am just a fellow dev suggesting how I would implement the permission-system if I would be in charge of implementing it. :)
Additional context None (yet).
