eZ Platform Discussions

Help us get the permissions for the admin panel right!


#1

Hi there,

We, product managers and engineers at eZ, are in the process of – finally – properly handling permissions in eZ Platform U.I. rolling out improvements to the next releases (2.2, 2.3, 2.4) with the goal to have a large and strong coverage by the LTS in December.
We peel the onion. We are now looking into the admin panel, and might use some feedback as I’m sure some of you guys might have some thoughts.

So, we are now looking at the admin panel, which for now is made of different tabs and features:

  • System info
  • Section admin
  • Roles admin
  • Language admin
  • Content type admin
  • Users admin
  • Object state admin
  • Eventual custom admin feature (extension point)
  • Future admin features

Today, the policies available in the system might suffice, but are somehow inconsistent or too complex, or too many.
The question we’d like to ask you:
How do you think a good management of permissions for the admin panel should look like?

  • One single policy to provide access to all admin features – read and write (which would be a major simplification… and a BC…).
  • One policy to provide access to the Admin tab in the U.I. with by default the System Info available + 1 additional policy required for accessing each additional tabs.
  • One policy to provide access to the Admin tab and read only access to the other tabs, then specific policies for each specific tabs to manage them.
  • Any other idea? Please elaborate in the comment.

0 voters

Let us know if you have some thoughts :relaxed:


#2

did I get it right that any other policies such as “subtree of a node” that is not listed here will be removed ?


#3

no no, not at all. Not sure what was unclear, but beside “accessing the admin panel”, there are a myriad of other policies that will still be of course taken into account. Some already are, some are not yet and this will be fixed… Here, we are solely focusing on how to provide administrative capabilities in the admin panel.


#4

oh good. thanks for clarification.