Scorpio Features Greater Control Over Administrator And RDS Security

One of the Scorpio features that we’ve been demoing to wide acclaim, is the increased control and flexibility in managing ColdFusion Administrator Access and RDS access. In ColdFusion today, there is a single password for each of these features, and a user with the Administrator password has full access to CF Administrator, and no access without it. The same is true of RDS.
Scorpio allows administrators to define multiple users, each with their own login. Users access can then be controlled in a variety of ways:

  • A user can be granted Administrative Access, either via the Administrative Console and the Admin API, or just the latter.
  • If granted Administrative Access, users can be given access to all Administrative capabilities, or can be explicitly granted or denied access to over twenty specific roles (for example, Data Sources, Debugging, Logging, Packaging And Deployment, and so on).
  • Users can also be granted RDS access, so as to be able to browse data sources, run Eclipse wizards, use the SQL Query Builder in the Report Builder, use the new Eclipse Debugger, and more.
  • If granted RDS access, that access may be restricted to specific sandboxes (effectively allowing you to grant access to specific data sources, folders, and so on).

5 responses to “Scorpio Features Greater Control Over Administrator And RDS Security”

  1. Clint Avatar

    Hey Ben, is there anyway you can block that jerk from those stupid loser comment postings?
    Love the new CFIDE administrator!
    Side note: I have the beta because I’m a tester but barred from posting Scorpio features on my own blog. I’m so jealous you get to spout the juicy fillings first.

  2. Ben Forta Avatar
    Ben Forta

    I do block most, but some are determined and even enter captcha text manually (often over and over), I kill the comments, but it is had to block them all.
    — Ben

  3. William from Lagos Avatar
    William from Lagos

    Does this mean good news for Shared Web Hosting accounts?

  4. Ben Forta Avatar
    Ben Forta

    William, if they opt to use this feature, then yes.
    — Ben

  5. Russ Michaels Avatar
    Russ Michaels

    As you shouldn’t really be doing development directly on a live production server, I can’t see hosts providing this and encouraging this behavior which developers insist on doing anyway.


Leave a Reply