ayseaktrkk opened a new issue, #6701:
URL: https://github.com/apache/hop/issues/6701
### What would you like to happen?
## [Feature Request]: User-based Project Authorization in Hop Web
### Problem / Motivation
Currently, Hop Web supports basic authentication via Tomcat's
tomcat-users.xml (username + password), but all authenticated users share the
same Hop environment and can see all available projects. There is no built-in
mechanism to restrict which projects a specific user is allowed to access.
This is a significant limitation for teams and organizations that:
- Host a single shared Hop Web instance for multiple users or departments
- Need to isolate projects per team, client, or security boundary
- Want to avoid spinning up a separate Docker container per user/project
just to enforce access control
### Proposed Solution
Add user-to-project authorization support in Hop Web, so that after a user
authenticates (via Tomcat basic auth or any future auth provider), they only
see and can access the projects they are explicitly authorized for.
This could be implemented as:
1. *A configuration file* (e.g. hop-web-users.xml or extending
tomcat-users.xml) that maps users/roles to allowed project names.
2. *Role-based access*: define roles per project and assign users to those
roles.
3. *UI enforcement*: after login, the Hop Web GUI only shows projects the
authenticated user is permitted to open.
### Example configuration (conceptual)
xml
<hop-web-authorization>
<project name="project-alpha">
<allow-user>ahmet</allow-user>
<allow-user>admin</allow-user>
</project>
<project name="project-beta">
<allow-user>elif</allow-user>
<allow-user>admin</allow-user>
</project>
</hop-web-authorization>
### Current Workaround
The only current workaround is running one Hop Web Docker container per
project/user group on different ports, which is operationally expensive and
hard to maintain.
### Additional Context
- Hop Web version: latest (2.16.0)
- Deployment: Docker (apache/hop-web)
- Related docs: https://hop.apache.org/manual/latest/hop-gui/hop-web.html
### Impact
This feature would make Hop Web significantly more viable as a shared,
multi-tenant platform for enterprise and team use cases.
### Issue Priority
Priority: 1
### Issue Component
Component: Other
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
