server root access through authentication token
It happens quite often that one locks himself out of the server. This can happen if an invalid user becomes server owner and/or some deny-settings are set inappropriately. It happened serveral times to me and I've also seen this several times in the forum. The provided solution is to reset ACL settings in the database with all its disadvantages.
Another scenario is changing the authorization mode. We want to switch to Active Directory soon. In this case, all users in the ACL become invalid since they are unknown to the server. In order to maintain access to the server I need to switch the owner to ALL_USERS before switching to AD. After switching, I can assign an AD user or group to be the owner. Therefore, the server security is disabled during that time.
I suggest to implement a fallback access to the server. The server owner can generate a security token that needs to be read out of the server log files or from the database respectively. That is, only persons that have access to the server machine ("machine owner") are able to gain that token. The token enables the user to edit the ACL on the server. The advantage is that the token based access is guaranteed to be available at any time.
I think this one can be closed because the web admin frontend is able to regain access to a server the admin has locked himself out from.
I'm not thinking of changing the security mode. If the server is still accessible to developers for checkout/checkin operations (but the acccess to "Repository server permissions" is blocked) the administrator would block the development team by changing the security mode.
I was thinking of something like navigating to "Repository server permissions" and in the deny dialog one could enter a security token. Something like an additional button"create security token" which triggers the server to create the token. The dialog then shows a text input field where the machine owner can enter the token from the machine. This gives access to server permissions settings and one could set the appropriate ACL.
And you mean you somehow authenticate with the token instead with user/passwd or whatever, right? Something like "Security Mode = user token" and then the token.
I've written "The server owner can generate a security token"; of course this ability is not limited to the server owner (since it is invalid and the owner is locked out). The token can be generated by the machine owner or even by everyone, but only the machine owner can access it finally.