Jason Haar created GUACAMOLE-1010:
-------------------------------------
Summary: enable concept of global policy enforcement to restrict
options
Key: GUACAMOLE-1010
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1010
Project: Guacamole
Issue Type: New Feature
Components: guacamole
Reporter: Jason Haar
guacamole already has lots of options available to everyone who can create/edit
connection profiles - in particular "device redirection".
This enables organizations who want to restrict things to do so - but only if
they remove the option for end-users to create new connections. ie orgs have to
go complete "nanny state" mode and remove all versatility from users.
How about if you enabled an "admin only" mode where options could be disabled
globally within guacd.conf, and then only accounts with full admin privs could
even see them? Then when other users with "create" access go to create/edit a
connector, those options don't even show up - thereby stopping them from using
them. I think the sections named "Remote Desktop Gateway", "Device
Redirection", "Preconnection PDU / Hyper-V", "CONCURRENCY LIMITS", "LOAD
BALANCING", "GUACAMOLE PROXY PARAMETERS", "Screen Recording" and "SFTP" all
should be disable-able. That would allow orgs to allow individuals the
flexibility of being able to create their own connectors, but restrict their
options to a level the org is comfortable with - and with those areas not even
showing up to the end-user, it would improve ease of use (you have to know
quite a bit for most of those options to even make sense).
Also, clipboard itself should really be a "device redirection" option too. I
think clipboard in a connection profile should able to be configured as
bidirectional (browser<->server), or browser->server only (server<->server
should always be allowed)
Thanks for listening!
Jason
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
