Is it possible to prevent Contributors from using the administrator credentials to connect?
Answered

Comments

8 comments

  • Avatar
    Peter Franks

    Hi Matt,

    Excellent question and yes, we do have a few ways to limit this type of access.

    Firstly you can create the AD accounts your users require in the OS, then add them to the CloudShare UI for their reference.  Check out our full guide on adding users and setting auto-login

    Next you will want to disable auto-login as below. This will force your end user to enter their credentials each time they access the VM.

    1._edit_environment-edit_users_and_access.png

    2._disable_auto-login.png

    If your users only need to access SharePoint, you also have the option to use Web Access which will completely bypass their direct access to the VM and route them to your SharePoint site.

    Thanks!

    0
    Comment actions Permalink
  • Avatar
    UF UF

    Thank you.  Works perfectly!

    0
    Comment actions Permalink
  • Avatar
    NewUser Web

    But it gives them full access meaning they can change it back to admin or delete?

    0
    Comment actions Permalink
  • Avatar
    Peter Franks

    Correct, however - you can fully delete the user accounts registered in CloudShare - thus removing their listing.  Beware though, username and password management becomes an internal process for you and you will need to keep personal copies of this information.  

    0
    Comment actions Permalink
  • Avatar
    NewUser Web

    Thank you.

    My environment for e.g., has 2 VMs 1 Sharepoint server and 1 SQL Server. I created a user in SharePoint VM with access to Sharepoint server and setup that user to have access to SQL Server. But inviting them as a contributor gives them access to the both the VMs, in addition to do pretty much anything to the whole environment except deleting it(including viewing and changing the admin password, editing hardware configuration, etc). Is there a way to limit access to just 1 VM in the environment?

    0
    Comment actions Permalink
  • Avatar
    NewUser Web

    Basically something like this, I create a DevAdmin user in the VM, setup the user in Cloudshare, send invite, users registers and login and see just the 1 VM, but doesn't have anyother ability on the cloudshare or other VMs in the Shared environment.

    In Summary, for e.g.,

    DevAdmin user just limited access (can only see) to SharePoint Server VM

    DBAdmin user just limited to SQLServer environment

    Neither of them can see other VMs or able to edit the environment.

    0
    Comment actions Permalink
  • Avatar
    Peter Franks

    Hi - unfortunately there is not a built-in function for what you describe.  You could however provide each user with the External Address (pubNNN.env.cloudshare.com) for a specific machine and they could RDP directly to that machine with the credentials you provide them - using Windows Remote Desktop. 

    Please note, that each time they need to connect, you would need to resume the environment and provide them with the new External Address as this is recycled each time the environment Suspends and Resumes.  Also, as this is outside of CloudShare, we wouldn't be able to detect activity and the environment may suspend while they were in the middle of using it.  

    If your SharePoint user needed access to the SharePoint site alone, you could provide them with the Web Access URL and assign it to which ever web application they are working on.  

    If you think this is a vital functionality, feel free to open a feature request.  

    0
    Comment actions Permalink
  • Avatar
    NewUser Web

    Thank you, at least that answers the question, but unfortunately doesn't help my situation. I guess, I don't understand this restriction as this doesn't require a static ip, as the external address is a subdomain, why that is not maintained in a table internally by cloudshare and keep the external subdomain address static. Guess, that is what the feature request is for. :)

    0
    Comment actions Permalink

Please sign in to leave a comment.