HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Permissions/Privilages

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#108468 (In Topic #21133)
Avatar

Fan in action

New Administrator Account

I created a new usergroup called "Administrator". Notice it is singular, without the "s".

I want to restrict this usergroup to be able to view all member's profiles and edit them, BUT --- this is a Big but, I do not want him to be able to change/add/edit any "Administrators" profile. Notice this is plural. with the "s".

So, I will have:

Administrators <- default Admin "The Boss".
Administrator <- Admin usergroup I created to customize permissions and privileges.

Administrator can view and edit any member's profile EXCEPT THE ADMINISTRATOR.

How do I set this up. I went through everything and I may be missing it.

Thx
Back to the top
 
Posted
Rating:
#108469
Avatar

Hi,

There's no real way to do that right now I'm afraid.

The default super moderators group can do almost all admin tasks except ways to elevate their privileges to a full administrator. But they can interfere with admin accounts by editing them.

At the end of the day, you trust your staff plus keep proper backups, or you don't have a viable site in any case. Because even a small amount of access for someone who abuses it could result in massive vandalism.

If there are lower level people you might want to keep them from being able to edit any member.

Maybe I am not following your use case well enough. Can you give me a situation where a staff member editing an admin account is worse than vandalising 100 non-admin accounts? There may be one that I'm not thinking about. We'd seek to only admin more privilege granularity if there really is a common use case here.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#108470
Avatar

Fan in action

I did it.

I basically did not give permission to the "administrator" usergroup to view or edit members. He/She can only add members.

lol

note: The method I used did take away the permission for anyone in the administrator group to view any members accounts/profiles. It did not however take away the privilege to create a new account.

This is kinda a cheap way of doing it, but suffice to say it will do for now.

suggestion: For the new version of ocPortal "Composer CMS" it would be nice or I should say needed, for Full blown Administrators to have a choice to either hide their profile, or show their profile, but to be able to not give permission for anyone to edit the admin's profile.



Last edit: by vynum
Back to the top
 
There are too many online users to list.
Control functions:

Quick reply   Contract

Your name:
Your message: