Hi, Thanks for your reply,
About the query, sorry after checking on another server the same happens, (the result that I want is it without duplicated rows). What I would like is to display on the connection page the list of groups/users, not on the group page the connections list. Thanks! *Manel Molina* *[email protected] <[email protected]>* *Dirección de Ciberseguridad* Ciutat de L’Aigua (D38) Paseo de la Zona Franca, 48 08038 Barcelona / España www.veolia.com <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect2.fireeye.com%2Fv1%2Furl%3Fk%3D31323334-501d5122-31356fd6-454445555731-a8425f343e5c4fad%26q%3D1%26e%3D30530535-2971-48a4-8441-12c02ea4dc09%26u%3Dhttps%253A%252F%252Feur01.safelinks.protection.outlook.com%252F%253Furl%253Dhttp%25253A%25252F%25252Fwww.veolia.com%25252F%2526data%253D05%25257C01%25257Csergi.carmona%252540agbar.es%25257C4c93dad3808642dd7ec308da3ccb99ab%25257Cf4a12867922d4b9dbb859ee7898512a0%25257C0%25257C0%25257C637889142388029142%25257CUnknown%25257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%25253D%25257C3000%25257C%25257C%25257C%2526sdata%253DJJM7r2MgHUaiuJD%25252Bk2xlr3opNEFsJkp%25252Byh2MJq0XRS0%25253D%2526reserved%253D0&data=05%7C01%7Coriol.val%40agbar.es%7C8a3587bd93134628cf9908da4d2baf8e%7Cf4a12867922d4b9dbb859ee7898512a0%7C0%7C0%7C637907147446774859%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5Vjff2WWXgkB77AldZ5g116HPKmbRv1h5PRjQjH9k0o%3D&reserved=0> El vie, 1 sept 2023 a las 12:39, Nick Couchman (<[email protected]>) escribió: > On Wed, Aug 30, 2023 at 10:55 AM Molina de la Iglesia, Manuel > <[email protected]> wrote: > > > > Hi Nick. > > > > What I need is be able to say which is the list of connections available > (with permission) for each group, exactly the result of the db query of my > last email. > > You can already see all of the permissions assigned directly to a > group through the web UI - if you go to the Groups section, then click > on a group, at the bottom of the page it will list "Current > Connections", which shows all connections that a group has explicitly > been granted access to, and then "All Connections" where you can list > all available connections and select additional ones. > > The DB query that you sent: > 1) Does not do any limit on what type of entity is granted permissions > - it will return both users and groups. > 2) Does not factor in inheritance - for example, permissions granted > to a user through membership in a group. This is basically information > already available on the web interface. > 3) Does not provide any actual permissions information - it has two > columns, an entity name and a connection name. > 3) Behaved very strangely in my test environment. I have a handful of > users (10, maybe), a handful of groups (4-5) and a handful of > connections (10-12, maybe 20 at most), and the result returned 1024 > rows, many of which were duplicates and most of which were the > "guacadmin" user account. > > > > > Is there any workaround to check it from the UI or though API? > > > > The data is definitely in the database, and also in the API, it would > just take some work to piece it all together, particularly for user > groups. For users, there is an "effectivePermissions" API endpoint > that lists all of the permissions that a given user has, whether > assigned directly or through inheritance: > > GET > https://guacamole.example.com/api/session/data/postgresql/self/effectivePermissions > > The output of this will be JSON that includes connections, connection > groups, users, and user groups, which the user (in this case, "self" > just means whatever user is currently logged in) has access to, and > what type of access (READ, UPDATE, ADMINISTER, etc.). For user groups, > however, this is no "effectivePermissions" endpoint. There are > endpoints for pulling the directly-assigned permissions: > > GET > https://guacamole.example.com/api/session/data/postgresql/userGroups/group1/permissions > > as well as other groups of which this group is a member: > > GET > https://guacamole.example.com/api/session/data/postgresql/userGroups/group1/userGroups > > Using this data it would definitely be possible to pull together the > list of permissions that any given group has, both directly assigned > and inherited. > > -Nick > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
