Limiting assignment of roles

jkreuzig's Avatar

jkreuzig

19 Oct, 2010 11:45 PM

I put this in the Ideas Forum, but I thought it might be of interest here:

Once a user has the Manager role (global), they then can create users and groups that are assigned the Administrator role (global). This is not a very secure way of doing things, especially in a distributed environment such as ours.

It ties in with a previous suggestion that to break down role creation to "global" vs. "site":

http://ideas.hannonhill.com/forums/52559-cascade-ideas/suggestions/...

  1. Support Staff 1 Posted by Tim on 09 Nov, 2010 08:48 PM

    Tim's Avatar

    Hi there,

    It sounds like users in your instance have READ access to the Administrator Role. Try this:

    • Log in as an Administrator
    • In the Administration area, go to Users, Groups, & Roles
    • Click Roles
    • Click on Administrator
    • While viewing the Administrator Role, click the Access tab
    • Change the ALL setting to None

    Now, the ability for Managers to create new users as Administrators should not be an option.

    Let me know if this helps.

  2. 2 Posted by jkreuzig on 09 Nov, 2010 09:10 PM

    jkreuzig's Avatar

    Tim,

    All I can say is DOH! I don't know why I didn't think about this. I guess I have spent to much time staring at this to see the obvious solution!

    Thanks!

    Jim

  3. jkreuzig closed this discussion on 09 Nov, 2010 09:10 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac