Plugins Directory » External Staff Control

26614 Author: Florian Stoffregen
Website: https://auxiliary-x.org/external-staff-control-plugin/
Code repository: -
Registered on: 2021-02-04 (28 days ago)
Current version: 1.0.0
Compatible with: Redmine 4.1.x, 4.0.x, 3.4.x
User ratings:   (0)

External Staff Control Plugin - protect your intellectual property

The External Staff Control Plugin adds a security layer to your Redmine by classifying users into internal and external staff.
This plugin supports you to prevent external staff to gain access to internal information of your company without your consent.
External users only see projects they are member of. Internal users will experience the same Redmine functionality as they always have without any restrictions.

Features:

  • handle the access permissions of all users according to the least privilege principle
  • access control for projects, issues, wikis, links, issue history, news, activities, etc.
  • access violations are reported in your Redmine logfile
  • Dead links are rendered as restricted links

Auxiliary-X External Staff Control Plugin


Internal & External Staff Configuration

Fully control the permissions of your internal and external staff. The plugin follows the least privilege principle to protect your assets. Every new user in your Redmine gets the status "external staff". As soon as you classify a user as "internal staff", the user gets access to all public projects.

Protect sensible projects

URL crawling is prevented by redirecting unauthorized access (403) warnings to a resource not available (404) notification. This prevents that the existence of certain projects will be revealed by simply crawling through possible project names or iterating the issue counter.

Project overview comparison (internal vs. external staff)

Internal Staff External Staff

External users only see projects they are member of. Internal users will experience the same Redmine functionality as they always have without any restrictions.

Issue rendering comparison (internal vs. external staff)

Internal Staff External Staff

External users only see information related to the project they are a member of. Items which link to information of a project inaccessible to the external user, history entries, a related issue list item, wiki page links, issue links, etc., are hidden by the External Staff Control Plugin.

Changelog

1.0.0 (2021-02-04)

Compatible with Redmine 4.1.x, 4.0.x, 3.4.x.