Non-Admin Users can set permissions for all users on server

The idea that a non-admin user can set permissions in a business for users who do not have access to the business does not make sense to me. Is this intentional or possibly a bug?

I have a Manager Server installation on Ubuntu.

Scenario: I am logged into Business X as a user with Full Access.
I navigate to Settings and User Permissions.
Then I select Create New Permission.
When I select the User Name drop-down, all the non-admin users on my server are listed.

My expectation is that only the users with access to the business should be available to add permissions to.

If this is not a bug, is there a way for me to customise the User Permissions page so that the New User Permission button is not visible or inactive?

You need to set permissions for which users can modify Settings.

Not sure if I follow your suggestion. At least one user in a business would have full access to all functionality, therefore I set this user up with Full Access. This user will be able to set permissions for any users on my server without having access to the relevant business.

If you do not have at least one user with Full Access in a business you lose the ability to perform Backups and View History (except if you log in as an Administrator user). Therefore if you customise the primary user to not have access to User Permissions, this user will not be able to perform Backups or View History.

This does not make sense to me?

There’s nothing wrong with being able to delegate non-administrators to manage their users, backups and history. That’s an extremely useful feature.

But if you don’t want that, what you can do, instead of giving that user full access, is just select everything instead and keep user permissions off.

But having said that, it sounds like a lot of work.

Maybe if @lubos could make the full access more like a toggle switch that populates the forms with all permissions and then you can take out the ones you don’t like. Then the switch goes off again and you can turn it on again if you want to repopulate the form with everything again.

Maybe I can shorten this discussion. The job of creating users will soon be moved to Settings for individual businesses, too. All of this will become moot.

I agree, they are extremely useful features.
I am not concerned about the effort to set this up as the system works now; however, Backup and History is not a permission option, you have to set up a Full Access or Administrator user.

Therefore, as soon as you customise the permission for a user not to have access to User Permissions, this user cannot perform Backups or View History. This is a limitation.

Is this per design and planned to be that way?

@Morne_Kruger I agree with you that the list of all restricted users should not be shown in the dropdown. I’m changing it to a simple textbox.

Great, thank you! And well done on the awesome system you are building!

Looking forward to this feature as well.

I really hope that that doesn’t happen.

I like having a focused view per business and another global view for all users. Each view is useful in a different way.

In the global view I can see the list of businesses a single user has. This view enables me to manage my staff better so I can see how many businesses each employee manages.

In the business view I can see all the users of a business. This view makes it easy to spot users given access to businesses by mistake and the number of users per business.

I had a similar request for history and audit trail but now the audit trail is gone. I used to export the audit trail to assess my staff’s performance but now I have to manually combine histories from different businesses, which is kind of a downgrade.

I know that this is off topic but this is closely related. @lubos could we please keep both views? Could we also have a global view of history, just a log, no need for undo or view abilities? I would be really grateful for that.

@Ealfardan The Users tab will stay in the program. The only thing that will change is that currently the list of users is being stored in a file named 00000000000000000000000000000000.manager but eventually it will be in something like Users.json. But this is just an internal thing. As far as the user interface goes, there will always be two top-level tabs:

  • Businesses
  • Users

Thanks

Thanks for the clarification, @lubos.