On 2017-02-15 11:51, Alexander Bokovoy wrote:
On ke, 15 helmi 2017, Gerald Zabos wrote:
Use case: external customer gets limited access and MUST NOT see our
internal users and/or other external customers.

Not seeing other users or objects is no possible with FreeIPA design. It
is also security through obscurity and doesn't really contribute
anything.

IMHO such a use-case is a valid security requirement for preventing
social engineering threats.

Anyway customer accounts are critical regarding _confidentiality_:

1. Customers must not see internal users and their contact data
   for not being able to circumvent controlled support processes.

2. Customers must not see other customers (competitors) because this
   could cause business trouble.

IMHO dealing with customer accounts is very tricky because a normal
user management is optimizied for collaboration and not for
multi-tenant confidentiality.

Ciao, Michael.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to