Details
-
New Feature
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
None
-
None
-
None
Description
guacamole already has lots of options available to everyone who can create/edit connection profiles - in particular "device redirection".
This enables organizations who want to restrict things to do so - but only if they remove the option for end-users to create new connections. ie orgs have to go complete "nanny state" mode and remove all versatility from users.
How about if you enabled an "admin only" mode where options could be disabled globally within guacd.conf, and then only accounts with full admin privs could even see them? Then when other users with "create" access go to create/edit a connector, those options don't even show up - thereby stopping them from using them. I think the sections named "Remote Desktop Gateway", "Device Redirection", "Preconnection PDU / Hyper-V", "CONCURRENCY LIMITS", "LOAD BALANCING", "GUACAMOLE PROXY PARAMETERS", "Screen Recording" and "SFTP" all should be disable-able. That would allow orgs to allow individuals the flexibility of being able to create their own connectors, but restrict their options to a level the org is comfortable with - and with those areas not even showing up to the end-user, it would improve ease of use (you have to know quite a bit for most of those options to even make sense).
Also, clipboard itself should really be a "device redirection" option too. I think clipboard in a connection profile should able to be configured as bidirectional (browser<=>server), or browser=>server only (server<=>server should always be allowed)
Thanks for listening!
Jason