Feature request: granular permissions for users #11687

Closed
Instagit opened this issue Oct 8, 2018 · 10 comments · Fixed by #28189

@Instagit

Instagit commented Oct 8, 2018

As far as I know, right now it's not possible to have a user that is only allowed to create and delete other users, right?

Use case:

I want to create and delete temporary user accounts through an API call. If the user credentials in that API call are somehow intercepted, all other user data should still be secure. Optimally, the group admin would only be allowed to create and delete users, not list users or change their passwords.

Is there a way to do this that I am not aware of? And if not, what would be the best workaround? Thanks for your time. :)

@nextcloud-bot
Member

GitMate.io thinks possibly related issues are #9182 (Just a question // Feature request // Pretty Share URL), #1575 ([Feature Request] Add configuration for "Sharing URL"), #8066 (Feature Request: User can accept or refuse sharing request), #3985 (feature request: multi tennancy (or is it already possible)), and #10544 (Feature Request: allow image Preview to apply to folders).

@violoncelloCH
Member

It's already possible to set a user as admin for a specific group. This way he can just manage the users in this group(s), but he doesn't have access to any other admin settings. Is this what you are looking for?

@Instagit
Author

@violoncelloCH The problem I see is this: If for any reason the group admin credentials leak, they can be used to

  1. list all users
  2. change their passwords
  3. access their files

I'm looking for a way to create and delete users where this is not possible.

Example: Someone misconfigures SSL and the API requests are sent out unencrypted. All previously created accounts and their data should still be safe.

@violoncelloCH
Member

hmm, I don't think this is possible atm
So you would like to have a group admin user which can only create and delete users but not change anything?

@Instagit
Author

Yes, exactly. I think it makes sense to have this in an environment where data safety is important.

The Nextcloud API already has a very refined set of actions. It only lacks a way to configure the permissions more precisely.

skjnldsv added the "0. Needs triage" label Aug 20, 2020

@szaimen
Contributor

szaimen commented Jun 9, 2021

cc @nextcloud/server-triage is this feasible?

@ghost

ghost commented Jul 9, 2021

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

ghost added the "stale" label Jul 9, 2021
Pytal added this to the Nextcloud 23 milestone Jul 20, 2021
ghost removed the "stale" label Jul 20, 2021

@szaimen
Contributor

szaimen commented Jul 20, 2021

@Pytal please add applicable labels if you are scheduling this for 23 :)

Pytal added the "2. developing", "feature: occ", "pending documentation" and "security" labels and removed the "0. Needs triage" label Jul 20, 2021

@Pytal
Member

Pytal commented Jul 20, 2021

> @Pytal please add applicable labels if you are scheduling this for 23 :)

Added, @CarlSchwan you may add more if you'd like :)

@szaimen
Contributor

szaimen commented Jul 20, 2021

> Added

Thanks! :)
