tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: [POLL] Finer-grained "manager" user-access privileges?
Date Fri, 08 Jun 2012 21:11:10 GMT
Christopher Schultz wrote:
> Hash: SHA1
> All,
> I was just answering a question on StackOverflow[1] about limiting the
> operations a particular user could perform when using the manager app
> (e.g. deploy, undeploy, start, stop, etc.).
> It seems to me that this has come up on the users' list once or twice
> in the past, and it wouldn't be a big deal to support this kind of
> thing right out of the box by just defining a number of additional
> roles such as:
>    manager-gui-deploy
>    manager-gui-undeploy
>    manager-gui-start
>    etc.
> Is there any interest in doing something like this? My general feeling
> is that manager access should either be allowed read-only (which is
> covered by the "manager-status" role) or full read/write (which is
> covered by the "manager-gui" and "manager-sript" roles) because hey,
> you should trust your managers or fire them ;)
> On the other hand, if there is significant interest in this kind of
> thing, we should support it out of the box.

I just installed a Tomcat today on a customer system, and in that case I would have liked

indeed to have a tad more granularity in the out-of-the-box Manager, with respect to what

a given user can do, but maybe not exactly as you describe it above.
Maybe then just for the wish-list :

Say you have one Tomcat, running 4 different applications A1, A2, A3 and A4.  Each 
application has a person who has the role of "application administrator" :
- User1 is responsible for applications A1 and A4
- User2 is responsible for application A2
- User3 is responsible for application A3

Each of these users should have access to the Manager, but limited as follows :
- User1, User2 and User3 can "see" all applications
- User1 can start, stop, and deploy/undeploy his own applications A1 and A4, but not the 
other applications
- User2 can start, stop, and deploy/undeploy his own application A2, but not the other 
- User3 can start, stop, and deploy/undeploy his own application A3, but not the other 

The scenario is :
- I do not have remote access to the Tomcat host
- there is no local sysadmin
- these Users work in different departments, they do not communicate with eachother, they

are not sysadmins, but each of them is the "person of contact" to whom I would for example

send an updated .war file of the application(s) for which they are responsible, and ask 
them to deploy it.
But even if I would send one of them the wrong .war file (or a curious user would just try

to rename a .war file), they should not be able to re-deploy any other than the 
application(s) for which they are responsible.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message