Feature #13326
open
Security against Administrators
Added by Jonathan Chen over 11 years ago.
Updated over 11 years ago.
Description
We want to add security against certain system administrators, for example:
User Administrator will be able to administer to User accounts such as user creation, etc.
Project Administrator will only be able to manage and administer to projects.
The reasoning is that we have some confidential projects that we would like system administrators not to have access to.
- Status changed from New to Needs feedback
The administrator of the underlying OS will most likely have access to the raw data in the database. How would you deal with that?
One person will always have access to the whole thing or at least to parts of it no matter what you do. Even if I do system-wide encryption there would be at least one person having access to it. I do not have any issues with that one person since it's me. But in my organization we have about 200+ users in the system, and it would be nice for me to delegate some of the tasks of user maintenance, project maintenance, etc. to others without having to give full access to everything.
But to answer your question about how we protect against the OS admin: that would be to use some sort of auditing procedures. Redmine doesn't really have any auditing features, but I would do auditing on the DB level to audit who looks into the database.
- Status changed from Needs feedback to New