You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We tend to use Craft a lot for our client's websites at our agency (Digital Natives Amsterdam). Oftentimes they run into flexibility issues regarding permission management.
We run different environments, where allowAdminChanges is always only enabled on the local (dev) environment. This means client users, even if they're admin, cannot create or manage user groups. This is of course intended, but turns into a limiting factor rather quickly at somewhat larger scales.
For example, we might provide two 'default' user roles:
Administrators (a separate role from the default craft admin): They are usually assigned to client personnel who have pretty much all permissions, except for some dev/config related ones.
Editors: This role is assigned to most of the content managers working at the marketing or content departments of the organization.
Now where it gets tricky is when a client Administrator wants to add a role for a select group of people, only allowed to perform a subset of regular editor permissions. E.g. can only manage a specific section of a website. At moment they'll have to contact us to add a new user role.
Would it be possible to add a way to do this? I realise it's tricky not writing to the project config, and database irregularities between environments would be a hassle. Not sure what the best way around this would be.
To work around this, most clients will now edit permissions on a user level, which is rather time consuming. From a client user's perspective managing user roles directly would greatly speed up permission management.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
HI!
We tend to use Craft a lot for our client's websites at our agency (Digital Natives Amsterdam). Oftentimes they run into flexibility issues regarding permission management.
We run different environments, where
allowAdminChangesis always only enabled on thelocal (dev)environment. This means client users, even if they're admin, cannot create or manage user groups. This is of course intended, but turns into a limiting factor rather quickly at somewhat larger scales.For example, we might provide two 'default' user roles:
Administrators(a separate role from the default craftadmin): They are usually assigned to client personnel who have pretty much all permissions, except for some dev/config related ones.Editors: This role is assigned to most of the content managers working at the marketing or content departments of the organization.Now where it gets tricky is when a client
Administratorwants to add a role for a select group of people, only allowed to perform a subset of regulareditorpermissions. E.g. can only manage a specific section of a website. At moment they'll have to contact us to add a new user role.Would it be possible to add a way to do this? I realise it's tricky not writing to the project config, and database irregularities between environments would be a hassle. Not sure what the best way around this would be.
To work around this, most clients will now edit permissions on a user level, which is rather time consuming. From a client user's perspective managing user roles directly would greatly speed up permission management.
Thanks for considering!
Greetings!
Lars
Beta Was this translation helpful? Give feedback.
All reactions