Disabling Workspaces and Roles administration for specific Group Admins

g.paradis · March 20, 2018, 4:02pm

Pydio 8.0.2 Community
Fresh install using tar.gz package on RHEL 6.9, Apache 2.4.18 (Red Hat), PHP 5.5.38 (REMI)

Issue: Cannot find how to disable workspace administration for specific group admins

Context: We are currently evaluation Pydio 8.0.2 for a specific client. We will have our own admins who will be full admins (full access to Pydio) and some others that will be full group admins (can manage both users and workspaces). The customer also wants to be able to manage its own users and apply roles to them to give them access to workspaces, but must not be able to manage the workspace or role creation. That part must be done by us, by the full group admins.

We tested this also under Pydio 7, and were able to limit the customer’s ability to create/edit workspaces and roles by using a role which limited the following actions:

All Workspaces > access.ajxp_conf > create_repository - disabled
All Workspaces > access.ajxp_conf > create_repository_template - disabled
All Workspaces > access.ajxp_conf > create_group - disabled
All Workspaces > access.ajxp_conf > create_role - disabled

Unfortunately, I couldn’t find where I to limit these actions within a given Role in Pydio 8.0.2.

Can you help?

Here’s a example of our group/users layout:

/ - full_admin (Administrator profile)
/hosting_company - full_group_admin (Administrator profile)
/hosting_company/customer - customer_group_admin (Administrator profile)
/hosting_company/customer/users - customer_user1 (Standard profile)
/hosting_company/customer/users - customer_user2 (Standard profile)…

Functional roles:

full_admin: Supports the whole Pydio instance, can do anything.
full_group_admin: Supports the customer’s workspaces / groups / users / roles.
customer_group_admin: Supports the customer’s users and assign them roles.
customer_user*: Accesses workspaces configured by full_group_admins, based on rights defined in roles (configured by full_group_admins) associated to them by customer_group_admins.

I’m not sure if I’m being clear, but I’ll provide any additional information required.

Thanks!!

zayn · March 22, 2018, 8:33am

Hi,
let me resume quickly what you asked for, basically you want to disable for some group admins the rights to manage/edit workspaces and roles.
If that’s what you were looking for you should have a look at my screenshot as it may respond to this :

it was just an example but you can look for workspace management, for my example i choose All the workspaces but you can also apply this to only one or few of your workspaces.

g.paradis · April 3, 2018, 6:50pm

Thank you @zayn!

This was some kind of temporary bug. For some reason, the list of parameters/actions was incomplete, and I could only see a limited set of actions.

I cleared my browser’s cache and cookies, logged back in, and everything was there.

Thanks for taking the time to reply!

Topic		Replies	Views
How to disable sharing for group on workspace? Pydio 8 solved	5	822	March 6, 2018
Giving roles and groups different permission Development mailer , plugins	1	613	October 26, 2018
[Solved] Create new workspace without permissions for all users Pydio Cells	3	444	March 25, 2019
Add Role to group Pydio 8	15	1078	May 16, 2023
Workspace : Access on folder Pydio 8	3	399	December 10, 2018

Disabling Workspaces and Roles administration for specific Group Admins

Related Topics