"SuperUser" - howto?

Author Message

Torbjørn Laukvik

Wednesday 27 April 2005 7:47:00 am

Ok, I am sure this has been asked before, so I am very sorry for bothering all of you again....

I want to make a user that has almost exactly the same rights as editor user, EXCEPT that he can create other users within the editor user group.
(The editor user can create/delete content at will from inside the admin part)

Do you understand? he should under noooo circumstances be allowed to create admin users or modify the anon users.

I am using 3.5.1 and switching to 3.5.2 soon. (in case there is some groundbreaking differences in 3.5.2)

Thanks

Bård Farstad

Wednesday 27 April 2005 7:49:59 am

Torbjørn,

this can easily be achieved by setting permissions on editing. You can limit editing/creating of users to a specific subtree. E.g. /user/editor users/. That way users who have rights like this can add and edit other users in that specific place, but nowhere else.

Hope this answered your question.

--bård

Documentation: http://ez.no/doc

Torbjørn Laukvik

Wednesday 27 April 2005 8:05:25 am

It sounds easy, but I'm not quite sure how to attack this.

Have created a new role "superuser"
the problem I'm facing right now is that if I try to add a new user policy for the "superuser" role, it's given no limitation all the time. Is this right? doesn't this mean that if I give someone user access, they can all create admins?

I have of course added a user group with some users in it.

Am I attacking this from the wrong angle?

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.