Feature #3193
closedAllow compartmentalisation/filtering of permissions by Organistion/Location
Description
It would be nice if a user in an organisation could be granted 'edit user' access (etc.) solely for other users within his organisation. (Ditto for location.)
As with the usual separation of powers model, the permission should not allow the privileged user to elevate any others to his own level. (E.g., in IRC, you typically can only grant your-access-minus-one to others.)
With a limited number of administrators, the ability to delegate this sort of self-maintenance to organisations would be extremely useful.
Perhaps this can be done as simply as adding the organization and location bits to the filter list on the user profile page.
Updated by Marek Hulán almost 11 years ago
- Related to Feature #812: cant assign roles to groups, just to users added
Updated by Marek Hulán almost 11 years ago
- Difficulty deleted (
easy)
Delegation on taxonomy level should work in new permission system. However limiting of assigned permissions can be tricky because user can have different permissions in different taxonomies. Therefore removing easy difficulty.
Updated by Dominic Cleal almost 11 years ago
- Status changed from New to Ready For Testing
- Assignee set to Marek Hulán
- Target version set to 1.9.0
Updated by Dominic Cleal almost 11 years ago
We think this is implemented through #812 but it requires further verification and testing, it may need followup work.
Updated by Dominic Cleal almost 11 years ago
- Status changed from Ready For Testing to New
- Assignee deleted (
Marek Hulán) - % Done changed from 0 to 80
Updated by Dominic Cleal almost 11 years ago
- Blocks Tracker #4552: New permissions/authorization system issues added
Updated by Anonymous over 10 years ago
- Target version changed from 1.9.0 to 1.8.4
Updated by Anonymous over 10 years ago
- Target version changed from 1.8.4 to 1.8.3
Updated by Marek Hulán over 10 years ago
- Blocked by Bug #5929: Taxonomy selectors do not obey assign_$taxonomy permissions added
Updated by Marek Hulán over 10 years ago
#5929 should be the last missing part
The role to manage users in other orgs should include two filters, first granting *_users permissions limited to specific org and second allowing view_organizations and assign_organizations (filtered for ids of specific orgs).
Updated by Marek Hulán over 8 years ago
- Status changed from New to Resolved
I think this is implemented for a while, please let us know if there's something missing.