Page 1 of 1

Restrict users from starting/stopping/deleting jobs

Posted: Fri Feb 19, 2021 10:11 am
by giel_4321
Hi Timur’

Is there a way to restrict users from starting/stopping or deleting jobs in the web interface?

Re: Restrict users from starting/stopping/deleting jobs

Posted: Fri Feb 19, 2021 12:04 pm
by timurhai
Hi!
Wow, such hard restrictions, may be just to block WebGUI site ))

There is no such limitations. GUIs are written to manipulate jobs.

1. Why web gui? Common GUI is Qt - AfWatch. It works much-much faster and consume much-much fewer resources, and on client and on the server side! WebGUI mostly designed to watch Afanasy on a machine where you can't install it, table, phone, 32bit computer, exotic OS and so on. Lots of opened WebGUIs can slow down the Afanasy system.

2. By default GUIs are in user mode. User can see/manipulate only his jobs only. Only when a GUI is in admin mode, it can manipulate all users jobs. AfWatch get username from a machine environment. For a web GUI, you should set user name (there is no login procedure, yet).
To open WebGUI settings, click a button with an arrow in a top-left corner.

Re: Restrict users from starting/stopping/deleting jobs

Posted: Wed Nov 02, 2022 1:55 pm
by andrep
Hi!

I know this is a bit outdated topic, but I think it is still relevant.

I actually want to connect my rendernodes to a renderfarm that is on a different public network.
The rendernodes should just be able to connect to the farm on <pub IP:port> as usual.

However, I do not want the web GUI to be viewable by anyone without a password.
I can think of just using .htaccess and .htpasswd files to the web admin folder.
Though, It would be nice to have some security options implemented in the software for easier setup instead.

Any tips or ideas I could try out?

Cheers!
André

Re: Restrict users from starting/stopping/deleting jobs

Posted: Thu Nov 03, 2022 7:35 am
by timurhai
Hi!
For now there is no authentication in Afanasy, as since v3.x.x network workflow has significantly changed, and the old authentication way does not work.
I am not in a hurry to rewrite the authentication mechanism.
We (and many other users/studios) use Afanasy across public networks.
The Best way is VPN, SSH and maybe others.
Anyway Afanasy (2.x.x) has some authentication, but has no data encryption. VPN and SSH - has, and it is better for public networks.

Re-implementing authentication in Afanasy is in plans, but in the near future.
This is mostly needed for afserver to identificate WebGUI users, not for remote network connections.

Data encryption implementation is not in plans at all.
There are lots of professional tools for it right now, let Afanasy be tasks distribution specialist, not data encryption.

Re: Restrict users from starting/stopping/deleting jobs

Posted: Thu Nov 03, 2022 9:25 am
by andrep
Thank you for the clarification, Timur.

We use CGRU 3.2.1 right now and maybe upgrade to the latest version when we are between projects.
I do agree that it is not necessary to implement all kinds of encryption that can be dealt with by other tools.
But it is good to remind users on their safety, especially when connecting across public networks. :)