People management permission
adnatechnologies
on Jul 11. 2008. 5:52 pm
I have created a role that is essentially the Department Head as described below plus people_management. This is because I want them to be able to manage the people that are part of the Client Company. The problem is that they can create users with admin access, even though they themselves are not admins. Is there any way around this?
adnatechnologies
on Jul 11. 2008. 6:10 pm
How do I allow them to manage the companies in their projects? i.e. manage the users of more than one company?
adnatechnologies
on Jul 11. 2008. 6:14 pm
I am overprotective of admin rights. I have a designer that I would like to give the ability to add new people to their projects, but I don't want to give them admin rights to the whole site.
I still think there is a problem with the people_management permission. It is basically equivalent to admin_access.
We need to assign a project manager to each project and let him create the project's users.
That said, is there a way to let a project manager add/delete users _only_ for his project(s)?
Maybe the permissions should be applied at the project's level, not company's. We have only _one_ company, many projects in it.
As this is a collaborative tool, people should be able to manage their projects _entirely_ including users, not depending on the website admin.
Just my two cents
I agree with JL and ADNA in terms that this is a collaborative tool and that it needs to be more adjustable. I want to give my managers freedom, and don't want to put things in by hand all the time. I also want to allow certain managers to add others to join the project or a certain company.
What I really would like to see is a really good customizable rights system. I feel "locked" at this moment (sorry)
Maybe checkbox rights for every USER? Example:
- Company A (no)
- Company B (yes) - allowed to add people (yes) - time management (no)
- Company C (no)
- Company D (yes) - allowed to add people (no) - time management (no) - add new projects (yes)
Let's come up with something clever :)
I just discovered the same issue today.
This is a real problem.
We have 1.1.4.
I have a Role called "Project Manager", which has these rights:
system_access - Yes
admin_access - No
project_management - Yes
people_management - Yes
add_project - Yes
manage_company_details - No
can_see_private_objects - Yes
manage_assignment_filters - Yes
can_use_status_updates - Yes
use_time_reports - Yes
manage_time_reports - No
I then assigned my project managers to have this role.
Since they have "People Management" set to Yes, I expected them to have the ability to view all companies and add/edit any client contact info in the People section, even if they are not assigned a project.
I also expected them to be able to set a user's Role when Updating their Profile. However I did NOT expect them to have the ability to set the Role to an Administrator, since they themselves were not an Administrator.
The Project Manager role can edit a User Profile and set that user to an Administrator, even when the project manager themselves is not an Administrator or does not have admin_access set to Yes. They can make themselves an Administrator, submit the change, then log back in as an Administrator.
Someone with the People Management flag should not be able to edit a User Profile and flag their Role as "Administrator" - unless the person editing the User Profile is already set as an Administrator (admin_access=Yes).
This was a response I received from ActiveCollab support:
People management role is high level role that enables users to do ANYTHING with user profiles. Situation you described is by design and you should give people management permissions only to people you trust.
We'll see what we can do about this in the future.
This was my response:
But this does not make sense.
I need my staff to be able to view the Clients and their Users/Contacts in the People section, which requires the people_management to be turned on.
Yet I do not want my staff to be able to turn themselves into administrators!
Is there a manual change I can make to the code today, to prevent this?
And perhaps you can build this in as an option on 1.1.5?
Am I the only one struggling with this issue?
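The rule asked for in this thread (a user with people_management may only assign roles whose permissions they already hold) can be sketched as a server-side check. This is an added example, not part of the thread and not activeCollab code: the permission names come from the posts above, while the role table, `User`, `role_change_denial` and `apply_role_change` are hypothetical. It goes one step beyond the thread by also refusing edits to accounts that hold more permissions than the editor.

```python
from dataclasses import dataclass

# Permission names come from the thread. The role table is constructed sample
# data and the functions are hypothetical, not activeCollab's API.
ROLES = {
    "Administrator": frozenset({"system_access", "admin_access",
                                "people_management", "project_management",
                                "add_project", "manage_company_details"}),
    "Project Manager": frozenset({"system_access", "people_management",
                                  "project_management", "add_project"}),
    "Member": frozenset({"system_access"}),
}

@dataclass
class User:
    name: str
    role: str

def role_change_denial(actor: User, target: User, new_role: str):
    """Return None if the change is allowed, else the reason it is refused."""
    held = ROLES[actor.role]
    if "people_management" not in held:
        return "actor lacks people_management"
    if new_role not in ROLES:
        return "unknown role"
    # No-escalation rule: every permission in the new role must already be
    # held by the actor, so a non-admin can never hand out admin_access.
    excess = ROLES[new_role] - held
    if excess:
        return ("would grant permissions the actor lacks: "
                + ", ".join(sorted(excess)))
    # Same rule applied to the account being edited: a non-admin may not
    # change (for example demote) a user who holds more than they do.
    if not ROLES[target.role] <= held:
        return "target holds permissions the actor lacks"
    return None

def apply_role_change(actor: User, target: User, new_role: str) -> None:
    """Enforce the check where the role is written, not only in the form."""
    reason = role_change_denial(actor, target, new_role)
    if reason is not None:
        raise PermissionError(f"{actor.name} -> {target.name}: {reason}")
    target.role = new_role
```

The check belongs in the code path that saves the profile, because hiding the "Administrator" option in the edit form alone does not stop a crafted request.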



