Disabling Workspaces and Roles administration for specific Group Admins

Pydio 8.0.2 Community
Fresh install using tar.gz package on RHEL 6.9, Apache 2.4.18 (Red Hat), PHP 5.5.38 (REMI)

Issue: Cannot find how to disable workspace administration for specific group admins

Context: We are currently evaluating Pydio 8.0.2 for a specific client. We will have our own admins who will be full admins (full access to Pydio) and some others that will be full group admins (can manage both users and workspaces). The customer also wants to be able to manage its own users and apply roles to them to give them access to workspaces, but must not be able to manage the workspace or role creation. That part must be done by us, by the full group admins.

We tested this also under Pydio 7, and were able to limit the customer’s ability to create/edit workspaces and roles by using a role which limited the following actions:

  • All Workspaces > access.ajxp_conf > create_repository - disabled
  • All Workspaces > access.ajxp_conf > create_repository_template - disabled
  • All Workspaces > access.ajxp_conf > create_group - disabled
  • All Workspaces > access.ajxp_conf > create_role - disabled

Unfortunately, I couldn’t find where to limit these actions within a given Role in Pydio 8.0.2.

Can you help?

Here’s an example of our group/users layout:

/ - full_admin (Administrator profile)
/hosting_company - full_group_admin (Administrator profile)
/hosting_company/customer - customer_group_admin (Administrator profile)
/hosting_company/customer/users - customer_user1 (Standard profile)
/hosting_company/customer/users - customer_user2 (Standard profile)…

Functional roles:

full_admin: Supports the whole Pydio instance, can do anything.
full_group_admin: Supports the customer’s workspaces / groups / users / roles.
customer_group_admin: Supports the customer’s users and assigns them roles.
customer_user*: Accesses workspaces configured by full_group_admins, based on rights defined in roles (configured by full_group_admins) associated to them by customer_group_admins.

I’m not sure if I’m being clear, but I’ll provide any additional information required.


Let me quickly summarize what you asked for: basically, you want to disable, for some group admins, the rights to manage/edit workspaces and roles.
If that’s what you were looking for, you should have a look at my screenshot, as it may respond to this:

It was just an example, but you can look for workspace management. For my example I chose All the workspaces, but you can also apply this to only one or a few of your workspaces.

Thank you @zayn!

This was some kind of temporary bug. For some reason, the list of parameters/actions was incomplete, and I could only see a limited set of actions.

I cleared my browser’s cache and cookies, logged back in, and everything was there.

Thanks for taking the time to reply!