Feature #3193

closed

Allow compartmentalisation/filtering of permissions by Organisation/Location

Added by Ken Coar over 10 years ago. Updated almost 8 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Users, Roles and Permissions
Target version: -
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

It would be nice if a user in an organisation could be granted 'edit user' access (etc.) solely for other users within his organisation. (Ditto for location.)

As with the usual separation of powers model, the permission should not allow the privileged user to elevate any others to his own level. (E.g., in IRC, you typically can only grant your-access-minus-one to others.)

With a limited number of administrators, the ability to delegate this sort of self-maintenance to organisations would be extremely useful.

Perhaps this can be done as simply as adding the organization and location bits to the filter list on the user profile page.


Related issues 3 (1 open, 2 closed)

  • Related to Foreman - Feature #812: cant assign roles to groups, just to users (Closed, Marek Hulán, 03/31/2011)
  • Blocks Foreman - Tracker #4552: New permissions/authorization system issues (New)
  • Blocked by Foreman - Bug #5929: Taxonomy selectors do not obey assign_$taxonomy permissions (Closed, Marek Hulán, 05/26/2014)

#1

Updated by Marek Hulán about 10 years ago

  • Related to Feature #812: cant assign roles to groups, just to users added

#2

Updated by Marek Hulán about 10 years ago

  • Difficulty deleted (easy)

Delegation on taxonomy level should work in the new permission system. However, limiting assigned permissions can be tricky because a user can have different permissions in different taxonomies. Therefore, removing the easy difficulty.

#3

Updated by Dominic Cleal about 10 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Marek Hulán
  • Target version set to 1.9.0

#4

Updated by Dominic Cleal about 10 years ago

We think this is implemented through #812, but it requires further verification and testing; it may need follow-up work.

#5

Updated by Dominic Cleal about 10 years ago

  • Status changed from Ready For Testing to New
  • Assignee deleted (Marek Hulán)
  • % Done changed from 0 to 80

#6

Updated by Dominic Cleal about 10 years ago

  • Blocks Tracker #4552: New permissions/authorization system issues added

#7

Updated by Anonymous about 10 years ago

  • Target version changed from 1.9.0 to 1.8.4

#8

Updated by Anonymous almost 10 years ago

  • Target version changed from 1.8.4 to 1.8.3

#9

Updated by Anonymous almost 10 years ago

  • Target version deleted (1.8.3)

#10

Updated by Marek Hulán almost 10 years ago

  • Blocked by Bug #5929: Taxonomy selectors do not obey assign_$taxonomy permissions added

#11

Updated by Marek Hulán almost 10 years ago

#5929 should be the last missing part.

The role to manage users in other orgs should include two filters: the first granting *_users permissions limited to a specific org, and the second allowing view_organizations and assign_organizations (filtered for ids of specific orgs).

#12

Updated by Marek Hulán almost 8 years ago

  • Status changed from New to Resolved

I think this has been implemented for a while; please let us know if there's something missing.
