tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject [POLL] Finer-grained "manager" user-access privileges?
Date Thu, 07 Jun 2012 18:37:00 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

I was just answering a question on StackOverflow[1] about limiting the
operations a particular user could perform when using the manager app
(e.g. deploy, undeploy, start, stop, etc.).

It seems to me that this has come up on the users' list once or twice
in the past, and it wouldn't be a big deal to support this kind of
thing right out of the box by just defining a number of additional
roles such as:

   manager-gui-deploy
   manager-gui-undeploy
   manager-gui-start
   etc.

Is there any interest in doing something like this? My general feeling
is that manager access should either be allowed read-only (which is
covered by the "manager-status" role) or full read/write (which is
covered by the "manager-gui" and "manager-sript" roles) because hey,
you should trust your managers or fire them ;)

On the other hand, if there is significant interest in this kind of
thing, we should support it out of the box.

Thanks,
- -chris

[1]
http://stackoverflow.com/questions/10909471/tomcat-web-application-manager-is-it-possible-to-limit-what-each-user-role-can/10937606#10937606
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/Q9MwACgkQ9CaO5/Lv0PCqtQCgugP0SxtqNjV9UVOQLlFOnaOj
AcoAnjsiqPqvACrATqj8jlfBR4i4W4UK
=q9cy
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message