Uploaded image for project: 'James Server'
  1. James Server
  2. JAMES-3756

Configurable impresonnation

    XMLWordPrintableJSON

Details

    Description

      What is impersonnation

      Hello I'm Bob, connect me as Alice.

      Use cases:

      • 1. Migration: migration user impersonnate existing user to migrate in/out emails of the user
      • 2. Assistance: An admin impersonate a user to assist them with one problem...
      • 3. Delegation: The secretary impersonnate her boss mails.

      What exists today in James

      Impersonation exists for IMAP AUTHENTICATE PLAIN.

      Impersonation relies on the 'Authorizator' interface.

      A simple implementation of it is provided: We then verify this the user performing the impersonation is an admin account defined in the configuration.

      This makes it suitable for simple use cases defined in 1 and 2 (where multi-tenancy is not an issue)

      However, this is unsuitable for more advanced use cases.

      Proposal

      Provide a configuration option to enable fine-grained authorization.

      If enabled, a storage API for delegation will be enabled (stores user X have the right to impersonate to user Y). We can then have a webadmin API to manage this, as well as the wiring needed in the AUthorizator.

      Attachments

        Activity

          People

            Unassigned Unassigned
            btellier Benoit Tellier
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 5h 50m
                5h 50m