[jira] [Commented] (GUACAMOLE-1274) Allow administrators to see which permissions are inherited by users/groups

Wed, 03 Feb 2021 11:40:08 -0800 


    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-1274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17278315#comment-17278315
 ] 

Mike Jumper commented on GUACAMOLE-1274:
----------------------------------------

I can see the utility of this, but I also question whether it should be done. 
It is not always possible to _know_ whether a user is a member of a particular 
group until they actually log in, and setting the expectation that inherited 
permissions can be viewed within the admin interface could mislead 
administrators. If a user logs in using SAML, for example, this cannot 100% be 
known.

Streamlining the ability of the administrator to see permissions within parent 
groups would be useful, but still would not necessarily capture what you're 
hoping to capture. What if permissions are inherited from yet more groups 
containing those groups, none of which directly contain the user?

Exposing the permissions from a single group or allowing a single group to be 
expanded sounds nice on the surface, but the concept breaks down when other 
authentication systems and more complex group hierarchies are involved.

> Allow administrators to see which permissions are inherited by users/groups
> ---------------------------------------------------------------------------
>
>                 Key: GUACAMOLE-1274
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1274
>             Project: Guacamole
>          Issue Type: Wish
>          Components: guacamole
>            Reporter: Ayushi Jain
>            Priority: Minor
>         Attachments: Created a user group DUMMY which has all the 
> permissions.docx
>
>
> Suppose we have a user group which has all the system permissions (ex- 
> Administer system , create new user , create new user groups).  This user 
> group has a user member which will inherit all the permissions from his 
> parent user group. 
> Even though the user member has all the permissions they are not reflected 
> when we click on  that user name to edit it. 
> Improvement - When we click on the user member to edit it ,all the checkboxes 
> should be checked for the permissions it has inherited from it's user group 
> to avoid any confusion. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to