You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@karaf.apache.org by "Robert Savage (Commented) (JIRA)" <ji...@apache.org> on 2011/11/02 18:47:33 UTC

[jira] [Commented] (KARAF-979) access control for shell commands

    [ https://issues.apache.org/jira/browse/KARAF-979?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13142344#comment-13142344 ] 

Robert Savage commented on KARAF-979:
-------------------------------------

Just thinking out loud but perhaps some configuration file for managing access control over (existing) shell commands both discrete commands by name and perhaps ground of commands by scope.  

Ideally long term it would be nice to support an optional attribute/annotation "roles" for commands, thus when creating new custom bundles that extend the console and add new commands, these commands could intrinsically support the access-control roles convention.
                
> access control for shell commands
> ---------------------------------
>
>                 Key: KARAF-979
>                 URL: https://issues.apache.org/jira/browse/KARAF-979
>             Project: Karaf
>          Issue Type: New Feature
>          Components: karaf-shell
>    Affects Versions: 2.2.5
>            Reporter: Robert Savage
>              Labels: access, admin, command, console, permission, role, shell, user
>             Fix For: 3.0.0
>
>
> Feature first discussed in mailing list.
> @See: http://karaf.922171.n3.nabble.com/shell-commands-amp-user-roles-td3474148.html
> ------------------------------------------------------------------------------------
> Create a method to define more granular level of user access to see (list/autocomplete) and execute commands via the (SSH) shell. 
> Thus supporting the ability for certain commands be restricted to a configured set of user roles via the command's name or scope.
> Really what I'm after is a two level access system.  An "admin" level that has full access to all commands, scripting, introspection, etc.  And a "user" level of access that perhaps only provides access to a limited number of command.  Additionally "user" level access would disallow scripting and introspection capabilities.   

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira