Re: RBAC, User Permissions

Tue, 26 Oct 2021 11:02:46 -0700 

(Re-adding mailing list - please keep future replies on the list...)

On Tue, Oct 26, 2021 at 12:01 PM Jürgen Kuri <[email protected]> wrote:

> El 26.10.21 a las 17:33, Nick Couchman escribió:
> Hello Nick,
>
> thank you for instant response.
>
> > One thing to note, here, is that a user will have access to the
> resources in Guacamole that they create - connection groups, connections,
> etc. So, the user who creates a connection should also have the ability to
> modify it, assign permissions, delete it, etc.
> Hmmm, yes I understand somehow, at least for users and user groups:
>
> desc guacamole_user_permission;
>
> +------------------+---------------------------------------------+------+-----+---------+-------+
> | Field            | Type                                        | Null |
> Key | Default | Extra |
>
> +------------------+---------------------------------------------+------+-----+---------+-------+
> | entity_id        | int(11)                                     | NO   |
> PRI | NULL    |       |
> | affected_user_id | int(11)                                     | NO   |
> PRI | NULL    |       |
> | permission       | enum('READ','UPDATE','DELETE','ADMINISTER') | NO   |
> PRI | NULL    |       |
>
> +------------------+---------------------------------------------+------+-----+---------+-------+
>
> desc guacamole_user_group_permission;
>
> +------------------------+---------------------------------------------+------+-----+---------+-------+
> | Field                  | Type                                        |
> Null | Key | Default | Extra |
>
> +------------------------+---------------------------------------------+------+-----+---------+-------+
> | entity_id              | int(11)                                     |
> NO   | PRI | NULL    |       |
> | affected_user_group_id | int(11)                                     |
> NO   | PRI | NULL    |       |
> | permission             | enum('READ','UPDATE','DELETE','ADMINISTER') |
> NO   | PRI | NULL    |       |
>
> +------------------------+---------------------------------------------+------+-----+---------+-------+
>
> "entity_id" seems to be the one who owns the resource
> "affected_user_id/affected_user_group_id". So, these two mapping tables
> seems to be for the mapping of owner of users and user groups.
>
> But how is this with connections, I cannot find such corresponding mapping
> tables like "entity_id" ->
> "affected_connection_id/affected_connection_group_id" for connection and
> connection group resources.
>
>
For this you will need the guacamole_connection_permission and
guacamole_connection_group_permission tables, which is where those are
stored.

-Nick

Reply via email to