Roles / Administrators

One thing that is essencial as a core feature, is to have the ability to limit/control user permissions. I wonder why it has not been considered something important so far.

For example, in Joomla, users can be visitors, publishers, editors, administrators, super administrators.

In Elgg there is only, logged in, not logged in, and administrator. And for users like me, that use walledgarden, its only logged in and administrator.

As sites grow, users would want to add more administrators that could not delete users for example.

Regards,
Uddhava dasa

  • Yes, I agree with you Alex. With out of the box plugins and where a single person or equal admins (partners perhaps) manages a website, there is no need for more control. Of course in this model you can't use your employees or volunteers to manage an elgg site (cash operations, membership approval, backups, pm moderation, email system administration etc), but that won't probably be a need if it will be prefered for maximum simplicity.

    In my side, I need a more functional system which can be managed by at least 2 or 3 people, so I've cooked my own permissions system, so either way is ok to me =)

  • "Managing a site" usually comes down to "managing content" and "managing users." A site admin *should* be more technically oriented (I am talking about where they spend their time and attention; we assume they have the technical capabilities) and should not be going after bad content or abusive users because it is a waste of their time. That's why Moderators are needed. Also, back to the Translators, the site admin may not know all of the languages of their site users, but wants to delegate some translating responsibility without giving access to the inner workings, settings, etc. of the site. So, a special Translators role would be ideal.

  • Perhaps we need a workflow plugin/feature?  Managing content (or even users) may mean a different thing for each site/organization.  Managing/Moderating content may be handled differently depending on preferences/policies/guidelines and there will likely be large variation of these preferences.  Having a configurable worflow engine within Elgg will allow each site to have it their way.  It will also have many other potential uses which will help expand the reach of Elgg.

  • @ukr
    exactly. translators are a reason I'm using roles.

  • I point you to MODx.

    I think they have about the best user control method of ANY CMS I've ever seen.

    Seperate accounts for "web" and "management".

    This would mean, for elgg, that things would look like this:

    Web Users: NO CHANGE.

    Management: Tiered, customisable levels, with moderation abilities (delete users, ban users, etc etc, and no interaction with the main site beyond this - IE, can't post blogs, can't post images, can't do ANY of that stuff: can just view everything and delete/act upon it according to management permissions). Managers - of whatever level - would login through an entirely different page. Like http://mysite.com/managers/ - and access a control panel from there. The main site could be handled for managers like a "preview" system, with, say, a floating AJAX control for acting on content on the page.

    This way, you keep your starting ideal of "all users equal", and add a layer of security. Actually two layers of security, since not only do the normal users never ever get even a sniff of how the site is managed, but the admin can also add mods who can't screw around with the content.

    A css manager would also be beautiful, incidentally, while we're talking a management panel. :p

    Like a reversal of caching - you edit the cached CSS and then it backflows changes into the original files...

    ...

    I'll shush before I get ahead of myself.

    Any more.

  • Very cool, Dagorath. I think the ideology is excellent!

  • Dunno. Levels are unnecessary with a granular permission system, as you can exactly define who can do what, like they don't exist in operating systems. Level system is a simpler, easier security for applications which don't need granular permission management. Higher levels have additional rights to lower level rights. This has a good usage on stuff like IRC channels etc. But it's useless if you have a bigger system and need access control to seperate parts like cashiers, backup operators, network operators, moderators, translators etc. A role doesn't have to be higher / lower than others.

    With granular permissions, you can have all users equal too, except management, like admin, as it should be.

    My management team is invisible, that is, they don't post anything. But if I wish to specially disable my employees posting stuff, I can just disable their rights in their roles. But surely they have to see everything a normal user can, for moderation and to be able to follow the site like members, instead of using one member and one attendant account. With roles you don't need a seperate interface.

    It doesn't matter to me if Elgg will stay as a single admin system or not, as I already use roles in my system, but a level system in Elgg is a no no to me.

     

  • To me, another advantage of a seperate interface as noted above is the ability to -minimize- that interface. In other words, you can retheme it to JUST show content, in a bald, simple way. No flashy graphics. Rapid loading time means rapid response. If mods have to view the same site as users, they are limited to navigating at the same -speed- as users... which can have certain disadvantages.

    Mind, I'm not suggesting levels specifically, per se. You could have a roles system with my suggestion, and name your own "levels" based on saved roles profiles.

    But I still think splitting users and managers is wise for security. It works -brilliantly- in MODx.

     

  • Ah I see it now Dagorath.

    What you need is a better, faster interface for management, which can list / display / edit the content faster and easier. Like better lists, grouping, sorting, filtering, multiple edits, mass operations etc. It's the administration pages. You (we) ideally need more functionality on content, users and system in this section. Like more detailed ajax listings for content, customizable columns, mass find / replace, mass delete etc with multiple selections etc. 

    Actually the interface is there, it just needs more functionality which should be invented by addons for their own content. The only difference is, content pages, which normal users can see are not prohibited to management, but this can be achieved with role permissions too. And for graphics & html, we can already use a simpler, lighter theme for management.

     

  • and ... what happened with this project  ?? :-) any luck after 800 something days?

Feedback and Planning

Feedback and Planning

Discussions about the past, present, and future of Elgg and this community site.