----- Original Message -----

> From: Mark Thomas <ma...@apache.org>
> To: Tomcat Users List <users@tomcat.apache.org>
> Cc: 
> Sent: Friday, June 8, 2012 10:02 AM
> Subject: Re: [POLL] Finer-grained "manager" user-access privileges?
> 
> On 07/06/2012 19:37, Christopher Schultz wrote:
>>  All,
>> 
>>  I was just answering a question on StackOverflow[1] about limiting
>>  the operations a particular user could perform when using the
>>  manager app (e.g. deploy, undeploy, start, stop, etc.).
>> 
>>  It seems to me that this has come up on the users' list once or
>>  twice in the past, and it wouldn't be a big deal to support this
>>  kind of thing right out of the box by just defining a number of
>>  additional roles such as:
>> 
>>  manager-gui-deploy manager-gui-undeploy manager-gui-start etc.
>> 
>>  Is there any interest in doing something like this? My general
>>  feeling is that manager access should either be allowed read-only
>>  (which is covered by the "manager-status" role) or full read/write
>>  (which is covered by the "manager-gui" and "manager-script" roles)
>>  because hey, you should trust your managers or fire them ;)
> 
> +1. I'm not a fan of making things more complicated by default. There
> is plenty that can be done via additional configuration if desired.
> 
> Mark


I'm also not seeing a clear use case that couldn't be solved by running virtual 
hosts or separate Tomcat instances. I'm not one to rain on a person's parade, 
but I guess in light of additional configuration complexity, I'd like to see a 
clear use case that couldn't be solved with the existing setup plus virtual 
hosts or multiple Tomcats.

. . . just a beleaguered systems person who likes all boxes to look the same.
/mde/
