Hi Again,
Is there any other way to ‘add new users’ without giving permission to our secretary to manage users (screen shot attached)?
I untick the permission to ‘manage user’ but then they can not have access to add users.
Sounds like overall you’re looking for a way to assign permissions for staff members to add/edit users without the capability to assign themselves or anyone else to Administrator or other higher-level roles. This seems pretty logical, and upon looking into it further this a potential security concern that could certainly be addressed. Or is there another reason you’re looking to avoid giving secretaries the Manage User permissions?
Perhaps a setting could be added to the roles themselves to indicate a restricted role (ones that requires Administrator-level to assign). This could allow one to restrict the roles as needed, then give Manage Users permission to staff without worrying about high-access roles being assigned accidentally (or intentionally).
If it is possible we would like only the administrator can have access to change the users primary role.
Adding new user, editing and changing primary role is in one ‘manage user’ settings
Our secretary needs to entering the new users information such us parents and students and also in future they will need to do some changing in users profiles, such as name, phone, address…etc…but they should not be able to change the user primary role.
I hope this is make sense.
In order to create a user that’s either a Parent or a Student the secretary will need access to set & change the primary role for Parents and Students at the very least. A new user can’t be created without a primary role. An option to restrict the roles would at the very least mean they couldn’t add any other roles (eg: Administrator)
Hi,
I agree that this is a bit more complex than it would seem at first.
We’d like our secretaries to be able to create users for Students and Parents without requiring direct involvement of the Ayu, our Database Coordinator.
But it seems Gibbon expects all users to be created by the main SysAdmin.
How are your schools handling this? Who creates users and how?
Once a school is up and running in Gibbon and the initial users are in the system, often new students and parents are added through the Student Application process. Accepting an application creates the necessary users for students and parents, as well as connects them together with a family record. From there, updates to their information can be made by staff through the Data Updater. Even if you’re not using the application publicly, it could be used internally by staff to track and add new students.
We’ve discussed adding the option to restrict user roles to help address the issue of giving Manage User permissions to non-admin staff members. With any luck the improvements will make it into v14.
Thanks for the quick reply.
Using the Student Application process makes total sense, and it will ensure that our Secretaries actually fill out things properly and fully. We’ll look into using it internally.
And thanks for looking into that option for v14!
We’ve added user role restrictions to v14, PR here: https://github.com/GibbonEdu/core/pull/227
The main changes are:
- In Manage Roles, a role restriction can be set to ‘Administrator Only’, ‘Users with the same role’, and ‘None’
- The ‘Administrator Only’ restriction is helpful for roles with high-level permissions that you want to ensure can only be given by the admin
- The ‘Users with the same role’ specifies that a user can only give the role to another user if they themselves have that role. It helps ensure a user cant give themselves or another user higher permissions than they currently have.
- The ‘None’ restriction is likely best to keep for Student and Parent roles, so that staff can assign it while adding/editing the majority of users in the system.
Hopefully this makes sense and helps address the previous Manage Users concerns.
I am subscribed to the GitHub notifications, and I was already putting the champagne in the fridge 
Really looking forward to the v14 release this summer!
Urko, fly Sandra and I down to Bali and we’ll enjoy the bubbles with you ; )
B)
Happy to host the Gibbon Training Day 2018 in Bali! B)