More than one Level of Administrator User

rfernandez

Hi,
Is there any built-in way of having at least 2 types of admin users?
For example one that can manage users and light configurations, but not to be able to destroy the database or other core configurations. Or something similar to what you can define as Roles for Applications?

If the answer is no, how would you suggest to build something alike?
Also, it would be a very nice feature addition. Otherwise you are forced to have an all or nothing choice regarding giving someone administrator privileges.

Thank you!!

gabriel

No, there is currently only a single admin permission for users in the r3 instance. Even if we separate user management from some system configuration, someone with user management permissions can just give themselves additional access.

If you want to separate user management from other admin tasks, you can use directories (like LDAP/ActiveDirectory) or OAuth to manage your users outside of r3. This is possible with the current feature set.

While it would technically be possible to split the current admin permission into multiple parts, it would have many consequences we´d need to address. As the benefits are not that large, I would personally not advocate for making this a priority at the moment.

rfernandez

gabriel
Hi Gabriel,
Thank you very much for your answer!
Although I was wishing the opposite, I kind of expected your answer to be as it was, as I believe now I understand better the concept and target environments for which r3 was concieved.

My use case is simple. I have to deliver a system for a group of non technical people (non-profit sort of) with no knowledge for admin tasks, no budget to hire someone with admin knowledge.
So once the system is delivered I will have to release the admin privileges to someone that will probably break it in a short time.
But, maybe and hopefully I'm wrong and nobody feels tempted to make fixes or improvements in a while.

Thank you!

gabriel

It´s not that easy to break things by accident - we have warnings if you´re about to do something really bad (like deleting an application as you might loose your data).

As long as you have solid backups, the damage they can do, is mostly reversible. For this you do not have to use the integrated backups (as users with admin permissions can disable them) - you can setup external backups for Postgres and uploaded files. It is very simple to setup.