We have fallen into this trap where a user has received more access than they should have. So some mechanism could be great to manage users / groups ("Account Team"). I am thinking if there was a “Copy an existing user” feature when creating new users. This may be useful? In other words, once a user has been created for an entity and has been assigned certain access / permissions, that user could be copied / cloned to a new username.
In some cases we have admin / account users with access to multiple entities… Not sure what thoughts there will be on this? It could be dangerous also; to be fair, this process is not (in our case) a daily occurrence.
I agree with this idea. It also makes it easier when setting up users that have similar rights. One does not have to go through the whole list of permissions, assigning them one by one.
Implementation
Since roles are already there, we can as a community propose default roles. These roles will then be coded into the program with the option to add or remove permissions.
Administrator Role - will remain the same
Restricted user role - this role can then be further split as per my suggestion above.
In my opinion, we can have a Role option inside a business's settings.
Once a role is created, say Accountant - we can have similar functionality to how we are selecting permissions now for users. Then in the user permissions settings we will connect the user to this business Role. Either he can be from an existing Role or custom, like the one which we have now.
In this way, a user can be connected to multiple businesses. And if the user is in restricted access, either a role of that business can be selected or custom select.
We actually use applications with multi-tier permissions as requested here. If anything, things get less secure and far more complicated when using groups. It is better as is in Manager, even though requiring a bit more work, but you know exactly what permissions a specific user has got. In my view, the more granular you try to go, the more open you will be to abuse.
As a past SAP database national administrator with a large corporation for over 14 years, one of my responsibilities was to ensure the security of user access and their privileges.
In my experience, the instances of multi-tier permissions “abuse” were minimal. Of course, how well this works depends on the culture of the business, and that they have a robust privilege assignment procedure together with management’s adherence to that procedure.
Hi all, I see this post from 2023, and was wondering if something like this has been added or is in development for Manager? This would be an awesome quality-of-life add-on for the program. I want to add more users, but the idea of on-boarding additional users is daunting for me on Manager as it is now. It means that I would need to run down the huge list of permissions one-by-one and make sure that the users in different divisions have the same permissions. Additionally, I would need to revisit them often to make sure that they still have the most relevant permissions for their role in the business. Would it not be worthwhile making user permission presets that one can add into a business profile, and assigning those permissions to the relevant users? When a permission profile is amended, all the users with that permission profile linked have the same permissions. There can still be a “custom” access option, where one then runs down the list per user if that is selected. But I think in most businesses, you have basic roles that you can design and define, like front-end (view only), sales, admin, backoffice, supervisor, manager, accountant, director and of course full access user, here and there, but 99% of the users have limited access with view, create rights… very seldom to update, unless it’s something like a customer, supplier, etc.
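Added illustration, not part of the thread and not Manager's code: a minimal model of the per-business role presets discussed above next to the "copy an existing user" idea, showing that a linked role follows later amendments while a copied user keeps a snapshot that an audit can flag. All class, field and permission names are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Role:
    """A permission preset defined inside one business's settings."""
    name: str
    business: str
    permissions: set = field(default_factory=set)

@dataclass
class Membership:
    """One user's access to one business: a linked role OR a custom set."""
    user: str
    business: str
    role: Optional[Role] = None
    custom: frozenset = frozenset()

    def effective(self):
        # A linked role is resolved at check time, so role edits propagate.
        return frozenset(self.role.permissions) if self.role else self.custom

def clone_user(src, new_user):
    """'Copy an existing user': snapshot the source's permissions as custom."""
    return Membership(new_user, src.business, None, src.effective())

def excess_over_role(members, role):
    """Audit: permissions held by custom-set users that `role` does not grant."""
    return {m.user: sorted(m.effective() - role.permissions)
            for m in members
            if m.role is None and m.business == role.business
            and m.effective() - role.permissions}

def demo():
    # Constructed sample data: one business, one role, three users.
    sales = Role("Sales", "Acme Ltd",
                 {"invoices.view", "invoices.create", "customers.update"})
    alice = Membership("alice", "Acme Ltd", role=sales)
    bob = clone_user(alice, "bob")          # copied before the role is tightened
    carol = Membership("carol", "Acme Ltd", role=sales)
    sales.permissions.discard("customers.update")   # role amended later
    return alice, bob, carol, excess_over_role([alice, bob, carol], sales)

if __name__ == "__main__":
    print(demo()[3])
```

A user with access to several businesses would simply hold one `Membership` per business, each with its own role or custom set.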