Restrictions in user management

Issue #122 resolved
Former user created an issue

At this time every user who can create new users can also create an administrator with full rights. Maybe it would be better if a user could only create users with the same or fewer rights.

One part would be the role of the user:

- administrator can create every role
- developer can create developers and users
- user can only create users (imho this would be logical and has no negative effects)

The other part would be the permissions of the users like "edit properties" or command line access.

Comments (8)

  1. Oliver Schwanke

    Okay, user management and user’s rights would be handled more easily on an OS level, I think.

    So what’s the point in having OS users AND itom users?

    I think it would be cool to be able to manage file/rights on OS level (say, which pyScripts etc. can be read/(executed) and so on).

    And maybe manage a venv with the itom users. This would make itom a more sophisticated python IDE.

    But settings would have to be stored on a per-user (OS) basis, e.g. in ~/.itom or so… And maybe concat it with the currently used itomSettings files in SDK/../itomSettings

  2. M. Gronle

    A couple of weeks ago I read a little bit about the Python virtual environments. As far as I have seen, this is not so easy to implement for embedded Python, that is used within itom.

    In general I am open to change the editing rights for non-admin users, as proposed by David, but we can also mix it up with OS-dependent user restrictions.

    Maybe you can make an internal brainstorming again about things that should be changed in the user management dialog in itom, considering other existing possibilities. Then we can implement them.

    Cheers

    Marc

  3. thomas kipp

    At this moment for us it would be sufficient, if users can only create users with the same or fewer rights. So Administrators can create every role, developers can create developers and users and users can only create users.

    Also when creating other users one user can only check the checkboxes with the rights he owns.

    Further changes on user management as mentioned by Oliver would be another issue and are not urgent for our usage.

    Cheers

    Thomas

  4. thomas kipp

    I’ve just looked over it quickly. This might solve part one with the user roles but I don’t see where it solves the permissions (the checkboxes and the console).

  5. thomas kipp

    But now I see, that I forgot the “Edit User” Button. Of course like with creating a user, a normal User or Developer should also not be able to edit an Administrator.

  6. M. Gronle

    This issue has been solved by the pull request #44. A user can only create or edit other users, that have the same or a higher user role than the current user. The user can also only edit features, that he has access to.
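
The rule requested in this issue (role ceiling, permission checkboxes limited to what the acting user holds, and the same limits for "Edit User"), sketched as an added example that is not itom's code or the code from the pull request. The type and function names and the third feature flag are assumptions made for the illustration.

```cpp
// Added example, not itom source; all identifiers are hypothetical.
#include <cstdint>
#include <iostream>

// Ordered so that a larger value means more privilege.
enum class Role : int { User = 0, Developer = 1, Administrator = 2 };

// Per-user features (the checkboxes in the dialog) as bit flags.
enum Feature : std::uint32_t {
    EditProperties = 1u << 0,
    Console        = 1u << 1,
    FileSystem     = 1u << 2  // constructed third flag for the demo
};

struct Account {
    Role role;
    std::uint32_t features;
};

// True if every bit set in `wanted` is also set in `held`.
static bool isSubset(std::uint32_t wanted, std::uint32_t held) {
    return (wanted & ~held) == 0;
}

// Create: the new account may not exceed the actor in role or features.
bool mayCreate(const Account &actor, const Account &requested) {
    return requested.role <= actor.role &&
           isSubset(requested.features, actor.features);
}

// Edit: the target may not outrank the actor before or after the change,
// and only feature bits the actor holds may be switched on or off.
bool mayEdit(const Account &actor, const Account &current,
             const Account &updated) {
    if (current.role > actor.role || updated.role > actor.role) return false;
    return isSubset(current.features ^ updated.features, actor.features);
}

int main() {
    Account dev{Role::Developer, EditProperties | Console};
    Account admin{Role::Administrator, EditProperties | Console | FileSystem};
    std::cout << std::boolalpha
              << mayCreate(dev, Account{Role::User, EditProperties}) << '\n'
              << mayCreate(dev, Account{Role::Administrator, 0}) << '\n'
              << mayEdit(dev, admin, Account{Role::User, 0}) << '\n';
    return 0;
}
```

Run these checks in the code path that saves the account, so the rule holds even if a dialog leaves a control enabled.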
