On Thu, Jun 8, 2017 at 3:01 PM, Karl Fiabeschi <[email protected]> wrote:
>
> 2017-06-08 23:48 GMT+02:00 Mike Jumper <[email protected]>:
>>
>> Only the creator of a group (or the administrator) will be able to create
>> or delete connections therein.
>
> As design choice?

Yes. The permissions themselves are discussed in detail here:

http://guacamole.incubator.apache.org/doc/gug/guacamole-ext.html#ext-permissions

When a user creates an object (whether that be a connection, connection group, or other user), the database authentication automatically grants that user READ, UPDATE, DELETE, and ADMINISTER permission on that object. When you explicitly grant permission for a connection or connection group by checking the box next to it in the admin UI, you are actually only granting READ permission.

The CREATE_CONNECTION, CREATE_CONNECTION_GROUP, etc. permissions control the ability to create such objects, but whether that object can be created within an existing connection group depends also on the permissions granted for that group. The only exception here is a user with system-level ADMINISTER permission, as that permission implies all others.

- Mike
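
The rules described in the message above, modelled as an added example that is not part of the original email and is not Guacamole code. The `User` class, the helper names and the `group:lab` identifier are hypothetical, and the specific group permission required for creation (UPDATE) is an assumption, since the message only says it depends on the group's permissions.

```python
from dataclasses import dataclass, field

OBJECT_PERMS = frozenset({"READ", "UPDATE", "DELETE", "ADMINISTER"})
# ASSUMPTION: the message only says creation "depends also on the permissions
# granted for that group"; this model takes that to mean UPDATE on the group.
GROUP_PERM_FOR_CREATE = "UPDATE"


@dataclass
class User:
    name: str
    system: set = field(default_factory=set)     # system-level permissions
    objects: dict = field(default_factory=dict)  # object id -> object permissions

    def is_admin(self):
        # System-level ADMINISTER implies all other permissions.
        return "ADMINISTER" in self.system

    def has(self, obj, perm):
        return self.is_admin() or perm in self.objects.get(obj, set())


def on_created(user, obj):
    """The creator automatically gets READ, UPDATE, DELETE and ADMINISTER."""
    user.objects[obj] = set(OBJECT_PERMS)


def grant_via_checkbox(user, obj):
    """Ticking the box next to an object in the admin UI grants READ only."""
    user.objects.setdefault(obj, set()).add("READ")


def can_create_in_group(user, kind, group):
    """kind is 'CONNECTION' or 'CONNECTION_GROUP'."""
    if user.is_admin():
        return True
    return f"CREATE_{kind}" in user.system and user.has(group, GROUP_PERM_FOR_CREATE)


def demo():
    # Constructed users: alice created the group, bob was only ticked in the UI.
    alice = User("alice", {"CREATE_CONNECTION", "CREATE_CONNECTION_GROUP"})
    bob = User("bob", {"CREATE_CONNECTION"})
    admin = User("admin", {"ADMINISTER"})
    on_created(alice, "group:lab")
    grant_via_checkbox(bob, "group:lab")
    return {u.name: (u.has("group:lab", "READ"),
                     can_create_in_group(u, "CONNECTION", "group:lab"))
            for u in (alice, bob, admin)}


if __name__ == "__main__":
    for name, (can_read, can_create) in demo().items():
        print(f"{name}: read={can_read} create_in_group={can_create}")
```

In this model bob can see the group but cannot create connections in it, even though he holds CREATE_CONNECTION, which is the behaviour the thread asks about.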
