[
https://issues.apache.org/jira/browse/JAMES-3756?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benoit Tellier closed JAMES-3756.
---------------------------------
Resolution: Fixed
> Configurable impresonnation
> ----------------------------
>
> Key: JAMES-3756
> URL: https://issues.apache.org/jira/browse/JAMES-3756
> Project: James Server
> Issue Type: Improvement
> Components: IMAPServer, SMTPServer, UsersStore & UsersRepository
> Reporter: Benoit Tellier
> Priority: Major
> Time Spent: 5h 50m
> Remaining Estimate: 0h
>
> h3. What is impersonnation
> Hello I'm Bob, connect me as Alice.
> Use cases:
> - 1. Migration: migration user impersonnate existing user to migrate in/out
> emails of the user
> - 2. Assistance: An admin impersonate a user to assist them with one
> problem...
> - 3. Delegation: The secretary impersonnate her boss mails.
> h3. What exists today in James
> Impersonation exists for IMAP AUTHENTICATE PLAIN.
> Impersonation relies on the 'Authorizator' interface.
> A simple implementation of it is provided: We then verify this the user
> performing the impersonation is an admin account defined in the configuration.
> This makes it suitable for simple use cases defined in 1 and 2 (where
> multi-tenancy is not an issue)
> However, this is unsuitable for more advanced use cases.
> h3. Proposal
> Provide a configuration option to enable fine-grained authorization.
> If enabled, a storage API for delegation will be enabled (stores user X have
> the right to impersonate to user Y). We can then have a webadmin API to
> manage this, as well as the wiring needed in the AUthorizator.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org
