HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Edit member for none super admin?

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#93606 (In Topic #18713)
Avatar

Honoured member

How do I give none super administrators privileges to edit member profile fields? I have two staff user groups, admins who edit the entire site, but a smaller group of people with access to only a few areas: Calendar, newsletter, support tickets. I cannot seem to find a way to allow this other group the ability to access and change hidden/custom profile fields of other members.
 
Can anyone tell me how this permission is given without making the group super admins?
Back to the top
 
Posted
Rating:
#93607
Avatar

Community saint

Have you tried the Edit member's in special ways (e.g. banning or validating them) option in Admin Zone Security Choose Privileges: Forums?

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
Posted
Rating:
#93608
Avatar

Honoured member

Yes they have all global privileges except for impersonate other members.
Back to the top
 
Posted
Rating:
#93609
Avatar

I think you need the "View any member profile fields, including restricted custom ones" privilege. If the member can view all fields, the system will assume by nature of them being allowed to edit other profiles, they can edit all fields too.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93610
Avatar

Honoured member

That permission was given, but the user could only edit their own profile. In addition they could not delete user profiles.

For the site the members accounts are used as account records for clients. The people who manage the accounts can't have access to other website editing privileges.

I gave this group all global privileges to see if it was missing something, including the two suggestions listed here and there was no change in accessibility to edit existing users. The group could however make new users.

Is this a bug?
Back to the top
 
Posted
Rating:
#93611
Avatar

Honoured member

In addition, the problem is basically they can't edit other members at all. The Edit option dose not appear on any profile but their own. They can however (with all global permissions) seemingly access/edit all the rest of the website.
Back to the top
 
Posted
Rating:
#93612
Avatar

I think temp1024's answer was correct then, that should have worked.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93613
Avatar

Honoured member

The problem is they have all the global permissions enabled. There is still no ability to edit other profiles. The two suggested have been enabled from the start. I will try makeing a new group and set theses permissions again, to see if i get the same results.
Back to the top
 
Posted
Rating:
#93614
Avatar

Honoured member

Same result. No matter the privileges i set, it seems unless i tick Super Administrator in the Usergroup settings, no users in that group can edit profiles.
Back to the top
 
Posted
Rating:
#93615
Avatar

You mentioned "global permissions", but we renamed it to "global privileges" a few versions back. Are you on an older version, and if so which? It's possible the permission scheme has changed.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93616
Avatar

Community saint

Chris Graham said

I think you need the "View any member profile fields, including restricted custom ones" privilege. If the member can view all fields, the system will assume by nature of them being allowed to edit other profiles, they can edit all fields too.
I saw that option, but dismissed it because it was for view and not edit.

While I understand your logic, its too big a logic leap. Logically, if you have a separate and specific view permission then you should also have a corresponding edit (and delete where appropriate) permission.

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
Posted
Rating:
#93617
Avatar

Honoured member

Sorry i am useing Version 9.0.2 currently. I am missnameing the section. It is the Global Privileges i am refering to.
Back to the top
 
Posted
Rating:
#93618
Avatar

temp1024 said

Chris Graham said

I think you need the "View any member profile fields, including restricted custom ones" privilege. If the member can view all fields, the system will assume by nature of them being allowed to edit other profiles, they can edit all fields too.
I saw that option, but dismissed it because it was for view and not edit.

While I understand your logic, its too big a logic leap. Logically, if you have a separate and specific view permission then you should also have a corresponding edit (and delete where appropriate) permission.

It's not quite that. Think of it this way: you have permission to edit the member's stuff, but because you're not allowed to view those fields, ocPortal can't put them up for editing (as that would leak their contents). It's more of a corner case, it only affects those non-public fields, in the general case fields don't require any extra privilege. Maybe ideally it would not be a checkbox, but a dropdown or radio of different access levels - but ocPortal privileges are all checkboxes.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93619
Avatar

I actually just tested this. I gave all groups "Edit member's in special ways (e.g. banning or validating them)", and then on a default install the "test" user was able to edit the "admin" account.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93620
Avatar

Honoured member

I don't think i explained it clearly. These users do not get the edit option on any profiles. It's not the fields, its everything. They cannot alter any profiles at all. Even though I have given them every Global Privilege.

They can edit their own profile like normal… but that is the only profile on the entire site that can be edited by them. That is why im asking if this is a bug now… because i understand this should work. It simply is not.
Back to the top
 
Posted
Rating:
#93621
Avatar

Btw, there is another setting that should also work, and originally was the preferred way of doing this (I think the privilege we're recommending has a weird naming now - I'm going to change it). The old-style way, which is a bit of a nuclear option, is "Assume the identity/access of any other member". It grants SU access (switch user), although theoretically it doesn't let you SU to an admin account or put people into admin accounts.

If "Edit member's in special ways (e.g. banning or validating them)" won't work for you you can open a free bug report ticket with server access and I'll try and see why.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93622
Avatar

DivinityOne said

I don't think i explained it clearly. These users do not get the edit option on any profiles. It's not the fields, its everything. They cannot alter any profiles at all. Even though I have given them every Global Privilege.

They can edit their own profile like normal… but that is the only profile on the entire site that can be edited by them. That is why im asking if this is a bug now… because i understand this should work. It simply is not.

Yeah I do understand. When I tested, I did get the edit tab on admins profile, when logged in as test.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93623
Avatar

Honoured member

I saw that option but that option is definitely not viable for this site.
Back to the top
 
Posted
Rating:
#93625
Avatar

Honoured member

I need to seek permission to allow you access to the site (since there is a large amount of privet information stored on it), if your willing to investigate this problem first hand. I will feel really stupid if it is some simple mistake i am makeing.

If thats an option.
Back to the top
 
Posted
Rating:
#93626
Avatar

Well I'm a bit baffled by it, so maybe it is a bug.

One more thing you can try…

If you make a writable blank data_custom/permissioncheckslog.php file, ocPortal will write permission checks into that. Refresh a member account when you've made that, download that file, then delete it from the server, then zip it and send it to me. If you leave it around it'll get filled with noise and eat up disk space.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
1 guests and 0 members have just viewed this: None
Control functions:

Quick reply   Expand