-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature Request: User Group Admin Privileges [$5] #3362
Comments
cc @raghunayyar |
Merging several duplicate issues into this one: #1212 Group Admin: Should be able to delete from group, not from system
|
#7992 Group admin can change storage size of self created user
|
I migrated the high label from #7992 |
Any news here? The topic exists now for more than two years. I disabled all group admin permissions temporarily as a work-around... |
I too disabled/removed all group admins. I even found I had messed up the internal security of my system by being an "admin" and putting myself in a moderated group. The result is the group admin could reset my password and take over everything... It seems obvious to me now, but less so back when I set things up. So watch out for miss-configurations like that one. |
I'd like to know that as well. I've opened #1212, and since then I haven't used group admins, because they are just too dangerous to use. I have the feeling that sometimes new features seem more important than fixing essential issues. |
So many people who want this feature .... but nobody is stepping up to actually do something about it ... ... looks like one has to wait longer |
IMO this is not a feature, but a matter of basic group administration and design. You can call it whatever you want, but at the moment it is not useable unless you don't care about your users' data. |
@tessus This is an open source community project. Feel free to submit a pull request for this feature. |
@karlitschek I'd love to, but I'm a bit stressed for time. also, this group admin code is core code, which I don't know. I'd need help to learn and understand it, otherwise it would take me even more time. Another problem is that the issues referenced here are not really the same problem. e.g. #1212 is different than the fine tuning issue described in the first comment of this issue. As I have mentioned earlier, the fact that a group admin can delete a user (and the data) from the system, even, if that user belongs to another group and/or is a group admin as well, is highly unusual and dangerous. That's why I don't use group admins and neither does anyone I know who's running their own ownCloud installation. ownCloud is a great project and I believe that some core devs understand the consequences of the current group admin implementation and will change it eventually. |
If I understand well this is mainly about preventing subadmins to delete users from the system, at least as a first step. Let's do a small step to move this forward design-wise. The tasks would be as follows:
|
@PVince81 I think the situation is a bit more complicated. Deleting a user is fine, if certain pre-requisites have been met. Here is a list of checks to determine, if user A can delete user B:
If above checks are all true, A can delete B. |
Hmm, this would require tracking which user was created by who, which makes the data structure and logic much more complex. Also this makes it more difficult to understand for subadmins. What do others think about this proposal ? |
In my opinion "A created B and added B to group C" is irrelevant and also the cause of any complexity. For example the following scenario would unnecessarily break the system.
This makes no sense at all. Remove the second check is my simple solution. The only thing that matters is what group, or groups the user currently belongs to. How to handle what a group admin can do in case the user belongs to several groups is a topic of by itself. I don't remember, can group admins change which group you belong to? Obviously this would break any privilege system if you can simply own any user on the system. |
Ok, @AsavarTzeth raised a valid point, although (when looking at my example) when user B is moved to group D, so what? It still should not be possible that user B is deleted by the group admin (or any of the group admins) of D. But this is a philosophical discussion. I agree that tracking who created whom might be a pain in the neck. |
So, what if de group admin is always allowed to kick any user out of his group and, if desired to start a request to delete an user. so all the "delete requested" user will appear in a group oder something similar, which will make it easyer for admins to delete this users? |
@interos99 To simplify. Do you mean something like a user trashbin managed by the ownCloud admins? @tessus I think using letters to describe both users and groups makes things a bit confusing. You now used D to describe a group. I assume this was intentional? It is slightly confusing since in my additions D was a user (admin of another group) and the group itself was E. Not important really, just wanted to point it out. I have been thinking. To me this makes the most sense:
I tried to answer everyone's needs. What do you think? I encourage you to break it, of course. |
@AsavarTzeth Yes, this is what I ment. In my cloud, used in an NGO with about 900 members, this would be really helpful. What do others think about this? And how much to work would this mean to realise? |
@AsavarTzeth I just extended my example and the last letter I used was C, so D was up. I should have used Gn and Un for groups and users, but I didn't know how to use subscript for the numbers n. As I mentioned before, I'm happy with any solution that ensures a group admin cannot delete a user (and the data) from the system, if that user belongs to another group and/or is a group admin as well. |
@interos99 mind telling us a little bit more about how you guys at the NGO are using subadmins ? Somehow I start having the feeling that subadmin are being "misused" because ownCloud doesn't have any better way of achieving what you want. Let's consider a new role "group admin" or "group membership admin". If we consider that groups are used like workgroups, you'd want the super-admin to create the said groups and specify someone who is able to add/remove people from their groups whenever they get added/removed to projects. In this case subadmins would be a completely different use case than group admins. (need to find better names for the roles) |
Seems like there were other ideas related to "group management" but in an automatic fashion. Not directly related but still mentioning in case it can provide more inspiration to get closer to the actual use case you guys are thinking about: #8201 |
I am really irritated that this very obvious issue hasn't been fixed yet. This is a real risk of data loss. It happened to us recently, where a group admin did not understand that deleting a user really and completely deletes him. Fortunately we have backups, but this is a glaring issue. It really shoud be given priority! |
Still no fix or solution for this issue? :( |
This issue has been automatically closed. |
If anyone stumbles on this and wants a quick fix, just modify /var/www/owncloud/settings/templates/users/part.userlist.php to wrap the "remove" table cell with an isAdmin. I just needed to keep my group admins from seeing the delete button on their users.
|
I would like to see the ability to fine tune what group admins can actually do. For example, if I create an Accounting or Engineering group admin I would like to disable their ability to delete users. Possibly only granting Gadmins the ability to reset passwords, add local shared folders, etc.
I searched a bit here on git but didn't see anything. Just a thought, thanks for all you guys do!
The text was updated successfully, but these errors were encountered: