Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 286E29097 for ; Sun, 10 Jun 2012 14:59:38 +0000 (UTC) Received: (qmail 328 invoked by uid 500); 10 Jun 2012 14:59:34 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 275 invoked by uid 500); 10 Jun 2012 14:59:34 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 266 invoked by uid 99); 10 Jun 2012 14:59:34 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 10 Jun 2012 14:59:34 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=RCVD_IN_DNSWL_NONE,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [76.96.59.211] (HELO QMTA11.westchester.pa.mail.comcast.net) (76.96.59.211) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 10 Jun 2012 14:59:27 +0000 Received: from omta22.westchester.pa.mail.comcast.net ([76.96.62.73]) by QMTA11.westchester.pa.mail.comcast.net with comcast id LeYW1j0021ap0As5Bez4wX; Sun, 10 Jun 2012 14:59:04 +0000 Received: from Christophers-MacBook-Pro.local ([69.143.109.145]) by omta22.westchester.pa.mail.comcast.net with comcast id Lez21j00E38FjT13iez333; Sun, 10 Jun 2012 14:59:04 +0000 Message-ID: <4FD4B63B.7010604@christopherschultz.net> Date: Sun, 10 Jun 2012 10:59:07 -0400 From: Christopher Schultz User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 MIME-Version: 1.0 To: Tomcat Users List Subject: Re: [POLL] Finer-grained "manager" user-access privileges? References: <4FD0F4CC.6050202@christopherschultz.net> <4FD26A6E.3080206@ice-sa.com> In-Reply-To: <4FD26A6E.3080206@ice-sa.com> X-Enigmail-Version: 1.4.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 André, On 6/8/12 5:11 PM, André Warnier wrote: > The scenario is : - I do not have remote access to the Tomcat host > - there is no local sysadmin - these Users work in different > departments, they do not communicate with eachother, they are not > sysadmins, but each of them is the "person of contact" to whom I > would for example send an updated .war file of the application(s) > for which they are responsible, and ask them to deploy it. But even > if I would send one of them the wrong .war file (or a curious user > would just try to rename a .war file), they should not be able to > re-deploy any other than the application(s) for which they are > responsible. That's a taller order than what I was proposing, which I believe can be achieved through additional configuration only. Your use case would definitely require a more nuanced and capable permissions system, while my use case merely requires that we use the existing permissions system (i.e. role-based security-constraints in web.xml). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/UtjsACgkQ9CaO5/Lv0PAvQQCghqpKlVUAmk7nUpVDfZdmlrqt TmUAn3GABFig+QkiNHIq8cf0BtU9K+zS =sGFS -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org