Forum / Remote Desktop Manager - Feature Request

Better Security Model

  • Create an Issue

First let me explain what we'd like to achieve. We'd like to give some people the ability to manage sessions in certain organizational groups and read-only (with Edit Session (User-Specific) still working) access in other groups. Ideally security groups would have permissions and not be just containers, and session organizational groups would have the ability to be assigned to security groups.

For example lets say I have the following tree:

Sessions
->Primary
--->AppServer1
--->AppServer2
->Testing
--->TestServer1
--->TestServer2
->Software
--->DevServer1

Given this scenario, what I'd like to implement is for my Testing Admins to be able to manage sessions in Testing and read sessions in Primary. Software Admins would be able to manage sessions in Software and Testing but only read sessions in Primary. Again both user groups would have access to Edit Session (User-Specific) so that they could adjust display settings. There would also be a lower access group of Testing Users that can only read in Testing as well as Primary.

If I understand the current model correctly, for my Testing guys to be able to manage Testing sessions and still use Primary sessions their RDM user-rights will allow them to manage any RDM security groups of which they are members. Likewise the Software users.

This is an oversimplified example. In reality we're setting up about a dozen organizational groups and have need of 6 or so user-level groups with three or four admin-level groups with control of specific organizational groups.

Hopefully this makes sense. The entry window is small so it's hard to visualize what I've typed and I'm juggling a lot today.


[Edit] As I move forward in setting this up for us I'm realizing how much of a pain it's going to be to make changes. If I create a new security group I'm going to need to slowly edit all the users that need to belong to it. It would be much easier to edit the group and add members. I guess what I'm really looking for is something replicating Windows user management. The ability to use Windows security groups in RDM would reduce a lot of duplicate management too.
<em>edited by Liquidmantis on 10/22/2010</em>

Clock9 yrs

Hi,
I understand what you want. I added more than one feature request with your post. I will try implements them soon. I can't give you a timeframe, the easiest is to allow you to add user in a security group. This one could be in the next update after the beta.

Thank you

David Hervieux

signaturesignature

Clock9 yrs

Thanks. My current workaround has been to only allow a very few people to have more than just basic view rights. I realized another way to work within the current system would be to have multiple duplicate sessions with different security group membership but that seems a kludge and adds a lot of excess sessions for admins and members of multiple groups.

I'd also really like a way to allow a user to have access to Edit Session (User-Specific) but not the global Edit Session.

Anyway, I started rolling RDM out to my users on Friday and it looks like they're loving the app. We all spend all day in multiple RDP sessions and I've been looking for a centrally managed solution for a long time. vRD was way out of budget but the pricing on RDM is phenomenal. Thanks for the great product and support.

Clock9 yrs

Liquidmantis wrote:

First let me explain what we'd like to achieve. We'd like to give some people the ability to manage sessions in certain organizational groups and read-only (with Edit Session (User-Specific) still working) access in other groups. Ideally security groups would have permissions and not be just containers, and session organizational groups would have the ability to be assigned to security groups.

Hi David,

I also would love to have this feature implemented.
Do you have more information since your last response?

Regards, Paul

Regards, Paul Molensky

Clock8 yrs

Hi David,
me2 wink
@liquidmantis: you could solve your problem with different datasources, one for primary one for testing and one for software, than you could manage different rights for different session trees. but its uncomfortable, this is why i want to have this feature too

Clock8 yrs

David already knows that I want this feature implemented, but for those of you that are struggling with this problem right now, I have a (kludgy) workaround. You can set separate permissions for each user per data source, so you can always create more data sources to allow the more fine grained control. In the example Liquidmantis gave, you would need 3 data stores (one each for Primary, Testing, and Software). You could then configure permissions for each user differently in each data source. This workaround is more administratively intense, but does achieve the intended effect. Users would need to be trained to change data sources, though.

Clock8 yrs

Hi David,

I was wondering if this future is planned for any upcoming release (v7??)
We would love to have one data source with a more fine grained control.

Regards, Paul

Regards, Paul Molensky

Clock7 yrs

Hi Paul,
We continue to improve our security model for the next version. I can tell you that the new fields will be in the database to manage it but I can't confirm that we will have the time to complete this feature for the v7.

David Hervieux

signaturesignature

Clock7 yrs

Hi at all,
i have the same Problem,

We have 7 Teams at our company and everybody should be able to see and connect to every System,
but only the Team which is responsible to the System should be able to edit/delete/add.
Is it possible at v7?

Clock7 yrs

This was supposed to be included in the version 7.0 but it was postponed. Sorry about that. It still on the plan for the version right after.

David Hervieux

signaturesignature

Clock7 yrs

Hi David,
we just bought the Enterprise version and noticed that we're not able to give R/O access to several users while still being able to have them manage a set of other sessions. I think we're facing the same limitations that other users are complaining here.

I think that using Security Descriptor(s) as it's done on Windows (Allow/Deny on groups/users on features) will be the best way to address the permission management.

I've read that you already plan to release this change, I would like to ask if you can describe the actual changes you're going to make in order to see if it actually resolves this limitation.

Thanks a lot!
Cheers
Adriano

Clock7 yrs

Hi,
Our goal is to offer a similar model but it's not an easy task to implements without compromising the performance. Don't worry we are aware of this feature and we will do our best to make it happen. However, this will be easier for us to implement in Remote Desktop Manager Server first.

David Hervieux

signaturesignature

Clock7 yrs

That's too bad. We're very happy with RDM but RDM Server is not something we need and therefore outside of what I can get budgeted.

Clock7 yrs

Don't worry, I just wrote that it would be easier. If we can do it with the SQL Server data source, we will.

David Hervieux

signaturesignature

Clock7 yrs

Hi all,

are there some news when we will get this awesome feature?

Clock7 yrs

Hi,
in the current beta, you can give different access level for a security group (View, Edit, Add and Delete)

David Hervieux

signaturesignature

Clock7 yrs

where can i configure these different accesslevels?

Clock7 yrs

It's in the current beta, in the user management

http://remotedesktopmanager.com/download/Setup.RemoteDesktopManager.7.4.5.0.exe

File->Administration->Users

Click Edit/Add/Delete and select the group you want to give access
<em>edited by dhervieux on 6/29/2012</em>

David Hervieux

signaturesignature

Clock7 yrs