Create a role User administrator #7482

Open
funkytraffic opened this issue Dec 13, 2017 · 14 comments
Labels
1. to develop Accepted and waiting to be taken care of enhancement feature: users and groups

Comments

@funkytraffic

funkytraffic commented Dec 13, 2017

Actual behaviour

Nextcloud knows 2 admin groups:

Super Administrators and Group Administrators

As of https://docs.nextcloud.com/server/12/admin_manual/configuration_user/user_configuration.html#granting-administrator-privileges-to-a-user

  • Group Administrators can only act in their group, but they cannot create a group or assign a group admin
  • Super Administrators have full privileges

Expected behaviour

  • In many cases I want a User administrator: This role has full access to all user settings, but cannot assign the admin role to a user and has no access to the admin settings.
  • Use case: We want to grant some users all the privileges of managing users, but we do not grant them access to the admin settings. They can create groups, assign group admins and delete any user but those of the admin role.

I think this is a very common scenario.

@MorrisJobke
Member

@MorrisJobke MorrisJobke added enhancement 0. Needs triage Pending check for reproducibility or if it fits our roadmap feature: users and groups labels Dec 13, 2017
@karlitschek
Member

Actually, I had a similar thought a while ago. We could split up the admin permission into sub-permissions, like user management, app management, view logfile, monitoring, and so on.
But this is some work, of course.

@blizzz
Member

blizzz commented Dec 14, 2017

Currently we meddle two ways to provide permissions: admins by the admin group and group admins, internally called subadmins, by a specific table. IMHO it makes sense to consolidate it into some role mechanism to avoid misusing user-visible groups and having isolated solutions for specific roles.

Talking about logfile, monitoring etc., it just makes sense to transfer the "app enabled for group" to this mechanism… or assigning roles to a group or creating a role of roles for composition. Whether this is all necessary depends on how fine-grained it should be. At least keeping the path open for these scenarios.

This just shows that it is also a complex component and needs requirements and a spec. So, yes, this would be some work, but reasonable. Can be a bigger feature for 14.

@nextcloud-bot nextcloud-bot removed the stale Ticket or PR with no recent activity label Dec 12, 2018
@brtptrs

brtptrs commented Apr 18, 2019

We need the option whereby group-admins can assign existing users to their groups but not create new users on the system.
Group admins would have to search through all users on the system.
This will be very useful in combination with group-folders, to delegate admin tasks.

@cyBea

cyBea commented Jun 17, 2019

It would be nice if this user administrator role also covers the administration of group-folders. (Or would this be only a feature of group-folder app?)

@skjnldsv skjnldsv added 1. to develop Accepted and waiting to be taken care of and removed 0. Needs triage Pending check for reproducibility or if it fits our roadmap labels Jun 17, 2019
@Yorgh

Yorgh commented May 24, 2022

Hello all,

Sorry if I should open a new issue but I think my need is related.
We are using a monitoring tool and it is possible to monitor Nextcloud through the API but it currently requires Super admin privileges.
After having upgraded to version 23, I can see that we have the ability to configure some Admin privileges.
This is a great ability but I would need this one regarding the System part as well so that I would be able to use a user in a group only affected to the System.

I would be pleased to open a new issue if it was needed.

Thanks in advance for any feedback.

@wunschadresse

Just wondering if there has been any progress regarding this topic?

@joshtrichards
Member

@Yorgh: See the very bottom of the System (serverinfo) page. What you're looking for is the token parameter for monitoring API access. That allows you to not use an admin account for monitoring via the endpoint.

@rugk

rugk commented Aug 22, 2023

@Yorgh I have split that request into a new issue, as it does not have a lot to do with this issue here and I wanted to request the same: nextcloud/serverinfo#497

@walhallaRV

walhallaRV commented Mar 9, 2024

Actual behaviour

Nextcloud knows 2 admin groups:

Super Administrators and Group Administrators

As of https://docs.nextcloud.com/server/12/admin_manual/configuration_user/user_configuration.html#granting-administrator-privileges-to-a-user

  • Group Administrators can only act in their group, but they cannot create a group or assign a group admin
  • Super Administrators have full privileges

Expected behaviour

  • In many cases I want a User administrator: This role has full access to all user settings, but cannot assign the admin role to a user and has no access to the admin settings.
  • Use case: We want to grant some users all the privileges of managing users, but we do not grant them access to the admin settings. They can create groups, assign group admins and delete any user but those of the admin role.

I think this is a very common scenario.

This would be the best solution. Or at least the option "User Management" under "Grant administrative rights". But obviously since 2017 nothing changed. Oh yes - one more really stupid bug: group admins can't reactivate deactivated users anymore.

Really love NC. But as a Groupware / Workgroup - Server the User management really should work. Group admin can't create new groups, nor add (existing) users to the group. So he has to borrow the Super Admin like: "Oh, please can you create a new group named "Test" and add these 250 users to the group!" GREAT. The best: the Superadmin cannot simply add the users to the group. NO, he has to edit every single user, has to add 250 times manually the group to the 250 users! Really a pity and not usable for greater groups :(
