On Wed, Dec 8, 2021, 08:37 Nick Couchman <[email protected]> wrote: > On Wed, Dec 8, 2021 at 5:43 AM Barak, Tal <[email protected]> > wrote: > >> Hello, >> >> >> >> I will appreciate your help with the following two questions: >> >> >> >> 1. Is there a way to create a sharing profile link which only >> authenticated users will able to view/use? When I create a sharing profile >> link from the menu, the link can be used by all users including anonymous >> users. >> >> >> Not creating the link, no - the entire point of creating a sharing > profile link is that you can provide that link to anyone and they will able > to use it, whether or not they are signed in to Guacamole. It's honestly > been a while since I messed around with connection sharing - it isn't > something I use all that much - so I can't remember if there's any other > way for users to access that shared connection. > > > >> >> 1. >> 2. I understand that users with administrative privilege can view an >> existing session even if a sharing profile link wasn’t generated and no >> sharing profile is defined under the connection settings >> (If I understand correctly, this can be done by going, as an >> administrator, to sessions -> active connections and then clicking on the >> link in the left side of the desired connection row). >> >> However, when using this method, the administrator joins the session >> with full controls, as opposed to sharing profile which you can limit to >> read-only. Is there a way to limit administrators when they join sessions >> so they will have read-only permissions only? >> >> >> > > No, there is no way to limit administrators to read-only access to the > connections - that's part of what being an Administrator in Guacamole > entails. >
This is possible through an extension (decorate the GuacamoleTunnel returned for the active connection, apply a filter that rejects inbound instructions except for "sync" and "nop"). In general, I think it could be a useful feature to have the guac UI automatically disable mouse/keyboard input for joined active sessions, with some button or similar unlocking the session when the admin needs control. - Mike
