[Suggestion] Allow non-administrator user to change password in Management GUI #13410
-
RabbitMQ series4.0.x Operating system (distribution) usedWindows How is RabbitMQ deployed?Windows binary package What would you like to suggest for a future version of RabbitMQ?(On RabbitMQ 3.13.7, did not read anything on this in the release notes, thus posting it on 4.0.x) Stubborn as I am I logged in as one of the users and indeed I cannot find any location to change the password. A user cannot click on itself on the right top and also the tab Admin is fairly empty. A user should always be able to change their password, right? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
|
@alienfs the password change operation has always required access to CLI tools or administrative privileges. Passwords are very often rotated on a certain schedule by cluster operators, not changed by users themselves. I can see both points of view but there are no plans to change this behavior. I fact, as more and more installations adopt OAuth 2, passwords generally become less relevant even for management UI access, and credential management becomes completely centralized (except for token renewals anyway). |
Beta Was this translation helpful? Give feedback.
-
|
@michaelklishin: Linus Torvalds once wrote something about requiring root permissions for mundane tasks. I can't link to his post, since Google+ has removed it I think. |
Beta Was this translation helpful? Give feedback.
-
|
@alienfs I don't care one bit about what Linus Torvalds once said. I do care about how large RabbitMQ fleets are managed and what our largest users think: they appreciate it because credential rotation in infrastructure software is a planned maintenance operation performed in a centralized, coordinated way. In other words, RabbitMQ is very much NOT like your typical website where only you can change your credentials. It is a piece of infrastructure where credentials are usually rotated by the team that manages it. |
Beta Was this translation helpful? Give feedback.
-
|
…and in development environments folks usually have access to |
Beta Was this translation helpful? Give feedback.
@alienfs the password change operation has always required access to CLI tools or administrative privileges.
Passwords are very often rotated on a certain schedule by cluster operators, not changed by users themselves.
I can see both points of view but there are no plans to change this behavior. I fact, as more and more installations adopt OAuth 2, passwords generally become less relevant even for management UI access, and credential management becomes completely centralized (except for token renewals anyway).