[
https://issues.apache.org/jira/browse/GUACAMOLE-1487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17469502#comment-17469502
]
Nick Couchman commented on GUACAMOLE-1487:
------------------------------------------
{quote}
Hm ... like a database-driven alternative to guacamole.properties?
{quote}
Yes, it really amounts to that.
{quote}
What would be the non-setting use case for system-wide information storage?
{quote}
There are a few existing Jira issues that would benefit from such a capability
- one of them is GUACAMOLE-842, where the requester wants to be able to
dynamically configure a Message-of-the-Day for the system users, but wants to
be able to enter it in the GUI instead of having to modify guacamole.properties
and restart the app every time.
{quote}
For the case of permissions that apply to all users, I think something like a
standard "Authenticated Users" role could make sense. Are you referring to a
specific use case here?
{quote}
Yes, that's also the general idea, here. One of the things that has come up a
handful of times is being able to assign a connection within Guacamole to
anyone who can authenticate to the system without having to manually add them
to a group or assign permissions. I realize this has to be handled with a good
deal of caution, since you don't want to make it _too_ easy for people to
assign a bunch of permissions to just anyone who can log in. But, i think
there's some legitimate uses for it, and there's certainly precedent for it in
other software products and projects.
> Allow settings to apply to all users
> ------------------------------------
>
> Key: GUACAMOLE-1487
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1487
> Project: Guacamole
> Issue Type: New Feature
> Components: guacamole-client
> Reporter: Nick Couchman
> Priority: Minor
>
> There are several existing Jira issues that seem to rely on being able to
> store information or apply settings to all users of the Guacamole system.
> Presumably this could be accomplish one (or both) of a couple of different
> ways:
> * Add a guacamole_system_attributes table that can store arbitrary data that
> can be used for the entire system. There is some precedent for this with the
> guacamole_system_permission table, so I don't think it's a huge departure
> from that. Presumably we'd also want to implement some graphical way to
> manage that data.
> * Add a global, built-in group - something like All_Users - that
> automatically contains all users of the system, and to which permissions and
> attributes could be applied through the use of the existing
> guacamole_user_group_* tables. This would require that this group have an
> entry in the tables, but membership in the group could either be enforced -
> that is, there would be no way to actually remove a user from the group - or
> at least defaulted - where a user would be added until explicitly removed.
> There are some other potential built-in groups - like Sys Admins - that
> wouldn't be enforced or required, but might help to allocate system-level
> permissions a bit better.
> Curious what the thoughts/opinions are on either or both of these options.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
