Feature #13326

open

Security against Administrators

Added by Jonathan Chen about 11 years ago. Updated about 11 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Security
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Resolution:

Description

We want to add security against certain system administrators, for example:

User Administrator will be able to administer User accounts, such as user creation, etc.

Project Administrator will only be able to manage and administer projects.

The reasoning is that we have some confidential projects that we would like system administrators not to have access to.

Actions #1

Updated by Pavel Lautsevich about 11 years ago

+1

Actions #2

Updated by Jan Niggemann (redmine.org team member) about 11 years ago

  • Status changed from New to Needs feedback

The administrator of the underlying OS will most likely have access to the raw data in the database. How would you deal with that?

Actions #3

Updated by Jonathan Chen about 11 years ago

One person will always have access to the whole thing or at least to parts of it no matter what you do. Even if I do system-wide encryption there would be at least one person having access to it. I do not have any issues with that one person since it's me. But in my organization we have about 200+ users in the system, and it would be nice for me to delegate some of the tasks of user maintenance, project maintenance, etc. to others without having to give full access to everything.

But to answer your question of how we protect against the OS admin: it would be to use some sort of auditing procedures. Redmine doesn't really have any auditing features, but I would do auditing on the DB level to audit who looks into the database.

Actions #4

Updated by Jan Niggemann (redmine.org team member) about 11 years ago

  • Status changed from Needs feedback to New