Benoit Tellier created JAMES-3756: ------------------------------------- Summary: Configurable impresonnation Key: JAMES-3756 URL: https://issues.apache.org/jira/browse/JAMES-3756 Project: James Server Issue Type: Improvement Components: IMAPServer, SMTPServer, UsersStore & UsersRepository Reporter: Benoit Tellier
h3. What is impersonnation Hello I'm Bob, connect me as Alice. Use cases: - 1. Migration: migration user impersonnate existing user to migrate in/out emails of the user - 2. Assistance: An admin impersonate a user to assist them with one problem... - 3. Delegation: The secretary impersonnate her boss mails. h3. What exists today in James Impersonation exists for IMAP AUTHENTICATE PLAIN. Impersonation relies on the 'Authorizator' interface. A simple implementation of it is provided: We then verify this the user performing the impersonation is an admin account defined in the configuration. This makes it suitable for simple use cases defined in 1 and 2 (where multi-tenancy is not an issue) However, this is unsuitable for more advanced use cases. h3. Proposal Provide a configuration option to enable fine-grained authorization. If enabled, a storage API for delegation will be enabled (stores user X have the right to impersonate to user Y). We can then have a webadmin API to manage this, as well as the wiring needed in the AUthorizator. -- This message was sent by Atlassian Jira (v8.20.7#820007) --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org