Allow compartmentalisation/filtering of permissions by Organisation/Location
It would be nice if a user in an organisation could be granted 'edit user' access (etc.) solely for other users within his organisation. (Ditto for location.)
As with the usual separation of powers model, the permission should not allow the privileged user to elevate any others to his own level. (E.g., in IRC, you typically can only grant your-access-minus-one to others.)
With a limited number of administrators, the ability to delegate this sort of self-maintenance to organisations would be extremely useful.
Perhaps this can be done as simply as adding the organization and location bits to the filter list on the user profile page.
Updated by Marek Hulán almost 10 years ago
- Difficulty deleted (
Delegation on taxonomy level should work in the new permission system. However, limiting assigned permissions can be tricky because a user can have different permissions in different taxonomies. Therefore removing easy difficulty.
Updated by Marek Hulán over 9 years ago
#5929 should be the last missing part
The role to manage users in other orgs should include two filters: the first granting *_users permissions limited to a specific org, and the second allowing view_organizations and assign_organizations (filtered for ids of specific orgs).
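The two-filter role described in the comment above, modelled as an added example (not Foreman's code and not part of the original thread). The class and function names, the expansion of *_users into four permission names, the rule that moving a user needs both filters, and the treatment of a user who also belongs to an out-of-scope organisation as out of scope are assumptions of this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Filter:
    permissions: frozenset   # permission names this filter grants
    resource_type: str       # "User" or "Organization"
    org_ids: frozenset       # organisations the grant is limited to

@dataclass(frozen=True)
class Resource:
    resource_type: str
    org_ids: frozenset       # a User's memberships, or an Organization's own id

def allowed(filters, permission, resource):
    """True if one filter grants the permission and the resource lies fully inside its scope."""
    for f in filters:
        if (permission in f.permissions
                and f.resource_type == resource.resource_type
                and resource.org_ids                  # unscoped resources never match
                and resource.org_ids <= f.org_ids):   # conservative: no membership outside scope
            return True
    return False

def can_move_user(filters, user, target_org):
    """Assumed rule: moving a user needs edit_users on the user and
    assign_organizations on the target organisation."""
    return (allowed(filters, "edit_users", user)
            and allowed(filters, "assign_organizations", target_org))

def org_user_manager(org_ids):
    """Build the two-filter role for the given organisation ids."""
    ids = frozenset(org_ids)
    user_perms = frozenset({"view_users", "create_users", "edit_users", "destroy_users"})
    org_perms = frozenset({"view_organizations", "assign_organizations"})
    return [Filter(user_perms, "User", ids), Filter(org_perms, "Organization", ids)]

# Constructed sample data: a delegated manager for organisation 2 only.
ROLE = org_user_manager({2})
ALICE = Resource("User", frozenset({2}))
BOB = Resource("User", frozenset({3}))
CAROL = Resource("User", frozenset({2, 3}))   # also a member of an out-of-scope org
ORG2 = Resource("Organization", frozenset({2}))
ORG3 = Resource("Organization", frozenset({3}))

if __name__ == "__main__":
    for name, user in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        print(name, "editable:", allowed(ROLE, "edit_users", user))
    print("alice -> org 3:", can_move_user(ROLE, ALICE, ORG3))
```

Without the second filter's id restriction, the delegated manager could assign users into organisations they do not manage, which is the gap the second filter closes.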