Is there no way to give a client access to the users page without giving them the ability to change their own permissions?
Permalink
I set up my clients as administrators and give them access to only what I want them to have access to. Then I set up a super admin group that has access to everything. Is there no way to give administrators access to the user section of the admin without giving them the ability to add themselves to the super admin group?
try enabling advanced permissions.http://www.concrete5.org/documentation/how-tos/designers/using-adva...
This would work with what I'm trying to do? I guess I'm still not sure how.. I can limit their ability to make changes on certain pages.. but I'm not sure how I would give them the ability to add users and groups themselves without being able to simply changes themselves to a super admin and overwrite whatever I set up. On my old CMS.. the superadmin wasn't part of the main dashboard.. It superseded everything and the customers had no access to it.
Anyone?
I'm pretty sure this can be done as 12345j suggested using advanced permissions. The user can see the content but is unable to change it.
Set it up, test it out. It's maybe a little tedious to work through it all, but you can log in as the user from the users and groups tab to test things out.
There is no other way I know of short of custom coding something.
Set it up, test it out. It's maybe a little tedious to work through it all, but you can log in as the user from the users and groups tab to test things out.
There is no other way I know of short of custom coding something.
I'm not just looking for the user to be able to see something and not be able to edit it.. I'm looking for the administrator not to be able to turn themselves into a super admin or change anything within the super admin group. The only way I know of to do it is to not give administrators access to the groups page at all.. but then they can't add their own groups.
If you set advanced permissions, I'm about 99% sure you can prevent them from doing so. However, I'm not about to go spend an hour of my time to list it out step by step for you.
Use the advanced permissions according to the link already provided and post back if it doesn't work. Set the permissions to view only on the page with no edit permissions.
Use the advanced permissions according to the link already provided and post back if it doesn't work. Set the permissions to view only on the page with no edit permissions.
Dude.. I never asked you to spend an hour on this.. This is a "forum".. If you're not sure your solution will fix my problem.. I'd like to wait and see if someone our there is actually sure they know exactly what I'm talking about and it can be done.. because from everything I can see out of what you're saying.. You don't know what I'm trying to do. You keep saying he'll be able to see it without changing anything.. and that's not my question. My question.. is how do I give him the ability to change things within the group withing simply turning himself into a super admin and overruling my changes.. If you don't know that's fine.. but I'm assuming someone out there does.
Thank you..
Thank you..
First off, I'll apologize for my response yesterday. It reads much chippier than I intended. Yesterday was not the best of days.
I've re-read what you're looking to do, and checked on one of the sites I set up in a similar way. I had the admin users locked out of users and groups and tried to switch it over to see how Concrete5 reacted. I see the issue you're having now. For them to create new users and groups they need write access to that part of Concrete5, but they are then also granted access to make themselves or others super admins (or remove your super admin status).
My guess would be that a check would need to be written in php to fine tune the abilities based on group affiliations. I'm running off to a family dinner now, but take a stab at this if I get a chance in the next day or two.
Happy new year.
I've re-read what you're looking to do, and checked on one of the sites I set up in a similar way. I had the admin users locked out of users and groups and tried to switch it over to see how Concrete5 reacted. I see the issue you're having now. For them to create new users and groups they need write access to that part of Concrete5, but they are then also granted access to make themselves or others super admins (or remove your super admin status).
My guess would be that a check would need to be written in php to fine tune the abilities based on group affiliations. I'm running off to a family dinner now, but take a stab at this if I get a chance in the next day or two.
Happy new year.
to be honest, I don't know if advanced permissions will work or not. I think someone submitted a subgroup add-on in the bug tracker, might be worth a look to try and find. But ultimately you want to limit access to something that should also be accessible, so I think you're going to need some custom coding.
You might be going about this the wrong way.
You don't need the super admin group. Your superuser login, the account that you setup when the install was created, is the same thing.
The highest level role for your users is by default 'administrator'. They can't change your superuser options. i.e there is no super user group, they can add themselves to.
I only post this based on your comments on how other CMS systems work. In my experience it's no different with modern versions of C5. Admins can't touch superuser privileges, and can't assign themselves to a group with more permissions than theirs as none exist - unless you've created one, which I don't think you need to do.
To give it context, I limit admin permission on my client sites, but my superuser login, has access to the lot. Superuser isn't an Adminstrator.
Probably as clear as mud that, but I tried. Hope it helps.
You don't need the super admin group. Your superuser login, the account that you setup when the install was created, is the same thing.
The highest level role for your users is by default 'administrator'. They can't change your superuser options. i.e there is no super user group, they can add themselves to.
I only post this based on your comments on how other CMS systems work. In my experience it's no different with modern versions of C5. Admins can't touch superuser privileges, and can't assign themselves to a group with more permissions than theirs as none exist - unless you've created one, which I don't think you need to do.
To give it context, I limit admin permission on my client sites, but my superuser login, has access to the lot. Superuser isn't an Adminstrator.
Probably as clear as mud that, but I tried. Hope it helps.
That's great to know... But that would still give them the ability to give themselves access to any part of the site they wanted to wouldn't it? Or can I restrict them from changing page permissions?
Well, you can hide pages from the admin as superuser and since they can't view or edit those pages, they can't give themselves permission to see or edit it in my experience.
Hope that helps.
Hope that helps.
