Restrictions in user management
At this time every user who can create new users can also create an administrator with full rights. Maybe it would be better if a user could only create users with the same or less rights.
One part would be the role of the user: - administrator can create every role - developer can create developers and users - user can only create users (imho this would be logical and has no negative effects)
The other part would be the permissions of the users like "edit properties" or command line access.
Comments (8)
-
-
A couple of weeks ago I read a little bit about the Python virtual environments. As far as I have seen, this is not so easy to implement for embedded Python, that is used within itom.
In general I am open to change the editing rights for non-admin users, as proposed by David, but we can also mix it up with OS-dependent user restrictions.
Maybe you can make an internal brainstorming again about things, that should be changed in the user management dialog in itom, considerding other existing possibilities. Then we can implement them.
Cheers
Marc
-
At this moment for us it would be sufficient, if users can only create users with the same or less rights. So Administrators can create every role, developers can create developers and users and users can only create users.
Also when creating other users one user can only check the checkboxes with the rights he owns.
Further changes on user management as mentioned by Oliver would be another issue and are not urgent for our usage.
Cheers
Thomas
-
-
assigned issue to
-
assigned issue to
-
does the commit solve the issue? https://bitbucket.org/itom/itom/commits/ca23890bf6f0d04ef26e2856e95fbf8323ad2f93
-
I’ve just looked over it quickly. This might solve part one with the user roles but I don’t see where it solves the permissions (the checkboxes and the console).
-
But now I see, that I forgot the “Edit User” Button. Of course like with creating a user, a normal User or Developer should also not be able to edit an Administrator.
-
- changed status to resolved
This issue has been solved by the pull request #44. A user can only create or edit other users, that have the same or a higher user role than the current user. The user can also only edit features, that he has access to.
- Log in to comment
Okay, usermanagement and user’s rights would be handled more easily on a OS level, i think.
So what’s the point in having OS users AND itom users?
I think it would be cool to be able to manage file/rights on OS level(say, which pyScripts etc can be read/(executed) and so on
And maybe manage a venv with the itom users. This would make itom a more sophisticated python IDE.
But settings would have to be stored on a per-user(OS) basis, e.g. in ~/.itom or so… And maybe concat it with the currently used itomSettignsfiles in SDK/../itomSettings