By default, your machine is only accessible to you. However, Teclada allows you to share your machine with others, which can help with debugging, teaching, etc. Click "Share" on the home page to configure access control.
The 'viewer' privilege allows a user to:
The 'runner' privilege grants all privileges of 'viewer', but also allows a user to:
The 'manager' privilege grants a user the right to grant or revoke any privilege on a host, except the 'owner' privilege.
Note that the manager privilege does not automatically grant 'viewer' or 'runner' privileges. A manager can of course grant those privileges to themselves, but this requires a positive (and logged) action.
The 'owner' privilege grants all privileges of 'manager', plus the ability to add or remove other owners.
Note that the owner privilege does not automatically grant 'viewer' or 'runner' privileges. A manager can of course grant those privileges to themselves, but this requires a positive (and logged) action.
The 'viewer' and 'runner' privileges have an additional "Machine user" field. This can be set to a username or UID. If set, permission is only granted to view sessions or run commands as that specific machine user. If unset (or set to 0), permission is granted to view sessions or run commands as any user.
If multiple machine users are required but "all users" is not acceptable, the viewer or runner permissions can simply be granted multiple times.
If a host is installed as a non-root user, it can only be used for running shells as that user. In that case, the Machine User field will not appear when granting access.
This checkbox allows a user to delegate their privileges to other users. The user will be able to grant someone else the same privileges or lesser privileges, but never greater privileges.
Some examples:
In industry, this is often called by the extremely confusing name "discretionary access control". (If a user cannot delegate their privilege to other users, this is called "mandatory access control").
The "manager" and "owner" privileges inherently allow granting more privileges, so this check box does not appear when granting those privileges.
One warning: when this check box is checked, users may be able to grant access to others without being able to revoke that access.
We'd like to implement the ability to grant access for a specific session only, but unfortunately we don't have that feature yet.