search

Barts-Life-Science / AzureTRE

An accelerator to help organizations build Trusted Research Environments on Azure.
https://microsoft.github.io/AzureTRE
MIT License
0 stars 0 forks source link

Copy/paste should be configurable on a per-workspace basis, and only by the TRE Admin #74

Open TonyWildish-BH opened 2 months ago

TonyWildish-BH commented 2 months ago

Is your feature request related to a problem? Please describe. Some projects aren't going to use sensitive data, in which case they should be allowed arbitrary copy/paste, and maybe even file upload/download.

Other workspaces, the raison d'etre for the TRE, should not be allowed to access copy/paste between the host and the workspace.

Describe the solution you'd like At the moment, copy/paste is a user-configurable option in the Guacamole service, which means the Workspace Admin can configure it. This should not be the case, the choice should be hardwired into the workspace by the TRE Admin who creates it.

We also need to investigate if copy/paste can be configured to be allowed within the workspace, but not between the workspace and the browser host. I.e., if the user can copy/paste between their applications on their VM, but not between their VM and their laptop.

TonyWildish-BH commented 2 months ago

With copy/paste disabled at the Guacamole service level, I can copy/paste between windows in VMs hosted by Guacamole, but not between those VMs and my laptop.

With copy/paste enabled in Guacamole, I can copy/paste between my laptop and my VMs

So that functionality is working the way we want.

TonyWildish-BH commented 1 month ago

See also #105, which mentions the need to copy/paste SAS URLs for the airlock. That needs a better design.