ChiliProject is not maintained anymore. Please be advised that there will be no more updates.

We do not recommend that you setup new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.

Granular admin rights (Feature #121)

Added by Andrea Campi at 2011-02-02 08:34 pm. Updated at 2011-12-18 07:40 pm.

Status:Open Start date:
Priority:Normal Due date:
Assignee:- % Done:

0%
Category:Permissions
Target version:-
Remote issue URL:http://www.redmine.org/issues/4427 Affected version:

Description

Right now the administrator role is all or nothing. On the other hand, project owners have no special system-wide power.

Ideally, we should move away from the monolithic "administrator" concept and have separate rights for:
  • managing users (including creating new users, assigning rights and projects)
  • managing projects (including creating new projects and assigning an owner that is not the user herself)
  • changing settings such as email server config

This would make it possible to e.g. let an IT support person handle user management, without giving them wide open access to all.
Note that I mostly care about preventing "casual" unauthorized access: of course a determined person with user-mgmt rights could give themselves the right to access more projects (but that would be easy to detect from log files).

Related issues

duplicated by Feature #204: ReThink the Create Project permission Duplicate 2011-02-18

History

#1
Updated by Andrea Campi at 2011-02-02 08:42 pm

Note that it would be extremely useful to expose this to plugins.
For example, we use the timesheet plugin; I would like to let our HR see other people's timesheets without making them administrators.

#2
Updated by Holger Just at 2011-02-02 08:57 pm

I proposed something like that some time ago on Redmine's issue tracker. Unfortunately, to make it right, it means rewriting most of the permission system, as ChiliProject currently doesn't really support the concept of global rights. Such a rewrite is something which is planned nevertheless (see New Permissions), but it will take some time to be completed.

Although we have a plugin adding this developed at finnlabs, we don't think this is generic enough to be part of the core.

  • (deleted custom field) set to http://www.redmine.org/issues/4427

#3
Updated by Eric Davis at 2011-02-03 12:57 am

  • Category set to Permissions

#4
Updated by Holger Just at 2011-12-18 07:40 pm

  • Subject changed from Granular admin rigths to Granular admin rights

Also available in: Atom PDF