ps at phillipadsmith
Sep 21, 2012, 5:09 PM
Post #4 of 5
(723 views)
Permalink
|
|
Re: Create a non-global admin for site who can create groups
[In reply to]
|
|
Hi Clare,
It doesn't sound as straightforward as it should, but if you have a solution that is working all I can say is "carry on!" :)
Phillip.;
On 2012-09-21, at 3:57 PM, Clare Parkinson <clare.parkinson [at] gmail> wrote:
> Thanks for the advice, Phillip.
>
> I will try to explain more clearly: I want to create a user who can create
> groups and add newly created users to those groups, but who is not a global
> admin.
>
> I have these permissions configured:
>
> "Regional admin users" user group has permissions:
>
> - All Groups - Create
> - "Regional groups" group - Edit
> - All Users - Create
> - "Regional users" users group - Edit
>
> Whatever I do, I can't get a member of the "Regional admin users" user
> group to create a group and then be able to assign users to it. The
> "Regional admin user" member can't assign herself to her newly created
> group, so she can't administer it. Having the new group added to the
> "Regional groups" group doesn't seem to help.
>
> I've come up with a workaround: having the global admin create a whole
> bunch of temporary groups of various types (e.g. "Regional users group temp
> 1", "Regional workflow group temp 1") and assign a member of "Regional
> admin users" to each temporary group. Then the "Regional admin user" member
> can rename the groups, add and edit users, etc. I've only done one test,
> but I think that might work. The global admin will have to help set up all
> the temporary groups, but once they're in the hopper the regional admin can
> do whatever she needs to with them.
>
> If that sounds broken and/or ludicrous, let me know.
>
> thanks for the help and moral support!
>
> -clare
>
>
> On 2012-09-18, at 4:28 PM, Clare Parkinson <clare.parkinson [at] gmail>
> wrote:
>
>> First post
>
> Welcome.
>
>
>> - apologies if this has already been answered elsewhere. I've
>> been reading and rereading the Security docs
>> http://bricolagecms.org/docs/2.0/api/Bric/Security.html#Authorization
>
> You may also want to read/watch
> http://www.phillipadsmith.com/2008/04/bricolage-permissions-101.html
>
> I'm not 100% following what you're hoping to do, but I might recommend
> having two different browsers open at the same time -- e.g., Firefox logged
> in as 'Global Admin and Chrome as 'Regional Admin' -- and experiment with
> the various permissions like that.
>
> Otherwise, it would help if you can explain what you're hoping to achieve a
> bit more clearly… are the 'Regional Groups' that you're creating User
> Groups?
>
> Phillip.
>
> --
> Phillip Smith
--
Phillip Smith
http://phillipadsmith.com
http://twitter.com/phillipadsmith
http://linkedin.com/in/phillipadsmith
If your email inbox is out of control, check out http://sanebox.com/t/s0q7m
Save our in-boxes! http://emailcharter.org
|
