sudo mechanism ala UAC?
Permalink
Hi,
in the line with my preceding ticket, it would be nice to have the ability to create users with low permissions sets and allow the user to "escalate" (provided he has an escalation password) for some actions if he wants to do them.
Ideally those actoins would not be completely hidden, or the user could just hit a "sudo" button which would make him become temporarily super-admin all powerful till the end of the session (or till he hits the sudo button again).
In the same line, having a warning displayed in the toolbar (or having the toolbar turning red or something) to show the current user is super-admin enabled.
This way, we could start categorizing actions into safe and not safe actions. Non safe actions would only be accessible if you sudo. This process would keep the user safe from destroying anything (unless he escalates his perms, but then he knows he is in a danger zone).
Example of actions in the danger zone :
- deleting a single page
- installing/uninstalling a package
- changing his db password or configuration
- etc…
github issue:https://github.com/concrete5/concrete5-5.7.0/issues/1796...
in the line with my preceding ticket, it would be nice to have the ability to create users with low permissions sets and allow the user to "escalate" (provided he has an escalation password) for some actions if he wants to do them.
Ideally those actoins would not be completely hidden, or the user could just hit a "sudo" button which would make him become temporarily super-admin all powerful till the end of the session (or till he hits the sudo button again).
In the same line, having a warning displayed in the toolbar (or having the toolbar turning red or something) to show the current user is super-admin enabled.
This way, we could start categorizing actions into safe and not safe actions. Non safe actions would only be accessible if you sudo. This process would keep the user safe from destroying anything (unless he escalates his perms, but then he knows he is in a danger zone).
Example of actions in the danger zone :
- deleting a single page
- installing/uninstalling a package
- changing his db password or configuration
- etc…
github issue:https://github.com/concrete5/concrete5-5.7.0/issues/1796...
+1 on both of those suggestions. Could we add an audit trail / log in there as well?
Our permissions model (when you turn on advanced) is already very, very advanced. I can't imagine adding another layer of abstraction. As others have said I do think there's definitely a case for an adding an audit log of actions that people perform but I don't think there's a need for another kind of sudo mechanism
Concrete5 already has numerous ominous messages when you try and delete certain system things. I think we'd be further ahead beefing up those confirmation warnings than introducing yet another security layer.
I think having the choice to use it would be important too. Some people might object to having it on by default.