1. Home
  2. General
  3. Feature Requests
  4. RE: Support fine granular permission handling to the Job Scheduler Application

RE: Support fine granular permission handling to the Job Scheduler Application

Jamie Sammons, modified 1 Year ago.
Support fine granular permission handling to the Job Scheduler Application
New Member Posts: 3 Join Date: 7/29/24 Recent Posts

Current state

According to https://learn.liferay.com/w/dxp/liferay-development/core-frameworks/job-scheduler-framework/using-job-scheduler (and personal experience) only administrators can view the Job Scheduler Application. A support ticket (https://help.liferay.com/hc/en-us/requests/114590) was closed with the recommendation to open a feature request.

Feature Request

Background: My client separates technical administration (managed by a service contractor) and functional administration (managed by themselves). Jobs are developed by the service contractor and deployed. Daily business is managed by the client side. In consequence the administrator account is assigned and used only by the contractor. However functions like "Run now", changing the schedule, reviewing logs are typical use cases for a (power) user group located at the client side. On the other side, giving administrator permission to the function administration would mix technical administration use cases with functional administration too much in terms of responsibility and security. 

Description

I recommend to open the Job Scheduler UI to other user groups as well. I know, this may have impact to the security and stability of the whole system if a functional administrator does as mistake. But: this should be a management decision to accept this risk, not a technical limitation. To meet security and administration requirements I would emphasize a fine granular permission handling for the Job Scheduler:

- provide a permission who may enter the Job Scheduler UI (read only) 
- provide a permission handling who may upload new job
- provide a permission who may view logs
- provide a permission who may edit schedules
- provide a permission who may click "run now"
- do not bind the permissions with administrator role (maybe as default, configurable for customers with these requirements described above)

(not my personal requirement but possible as well):
- provide option to configure this individually for each job 

With this fine granular requirements the platform could be used as a "real" job management platform as well.

 

 

thumbnail
Jamie Sammons, modified 1 Year ago.
RE: Support fine granular permission handling to the Job Scheduler Application
Expert Posts: 367 Join Date: 9/5/14 Recent Posts

Feature Request Created: https://liferay.atlassian.net/browse/LPD-32679