You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2021/02/03 19:32:00 UTC

[jira] [Commented] (GUACAMOLE-1274) Allow administrators to see which permissions are inherited by users/groups

    [ https://issues.apache.org/jira/browse/GUACAMOLE-1274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17278315#comment-17278315 ] 

Mike Jumper commented on GUACAMOLE-1274:
----------------------------------------

I can see the utility of this, but I also question whether it should be done. It is not always possible to _know_ whether a user is a member of a particular group until they actually log in, and setting the expectation that inherited permissions can be viewed within the admin interface could mislead administrators. If a user logs in using SAML, for example, this cannot 100% be known.

Streamlining the ability of the administrator to see permissions within parent groups would be useful, but still would not necessarily capture what you're hoping to capture. What if permissions are inherited from yet more groups containing those groups, none of which directly contain the user?

Exposing the permissions from a single group or allowing a single group to be expanded sounds nice on the surface, but the concept breaks down when other authentication systems and more complex group hierarchies are involved.

> Allow administrators to see which permissions are inherited by users/groups
> ---------------------------------------------------------------------------
>
>                 Key: GUACAMOLE-1274
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1274
>             Project: Guacamole
>          Issue Type: Wish
>          Components: guacamole
>            Reporter: Ayushi Jain
>            Priority: Minor
>         Attachments: Created a user group DUMMY which has all the permissions.docx
>
>
> Suppose we have a user group which has all the system permissions (ex- Administer system , create new user , create new user groups).  This user group has a user member which will inherit all the permissions from his parent user group. 
> Even though the user member has all the permissions they are not reflected when we click on  that user name to edit it. 
> Improvement - When we click on the user member to edit it ,all the checkboxes should be checked for the permissions it has inherited from it's user group to avoid any confusion. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)