User Tools

Site Tools


rootdir_security

Security

Security is increasingly important. As PMA.core has been deployed in ever-more complex scenarios over the years, its security features have evolved, too.

Security pertaining to root-directories is situated at two levels:

  • Security features that enable root-directories to access content, such as:
    • Configure public/secret key combinations for S3 resources
    • Configure account credentials to be used when accessing a UNC network resource path
  • Prevent users from access mounted content through root directories that they are or are not allowed to do
    • Define Access control lists

The following paragraphs elaborate on these respective subjects:

Accessing secured content

Based on the type of data storage that a root directory's mounting point refers to, the configuration offers different options:

Public vs private

As you grow your number of users and root-directories, you might want to change the default setting that everybody is allowed to see everything.

Therefore, root-directories can be marked “public” or “private”:

Public root directories are marked “public”, this means every user has access to them. They can be accessed by anybody who is a registered user in the PMA.core user repository.

Private root directories are marked “private”, which means only select users can see the content. Private root dirs are only accessible by those who have been explicitly given access to the folder through the directory's access control list.

Access control lists

Once marked private, you can select which users are allowed to see the content of a given root directory, and which ones aren't: Do this by pressing the “Edit access control list” link after you have selected the “private” option:

An interactive overview grid is available via the Root directories management view:

It is useful to get an overview of who has access to what. For that, you can request the ACL report from the root-directories view.

The resulting report looks like this:

rootdir_security.txt · Last modified: 2023/11/21 16:14 by chris