Feature #6670

Admin rights should not override rights given through roles

Added by Daniel Schuba about 7 years ago. Updated about 7 years ago.

Status:NewStart date:2010-10-14
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Administration
Target version:-
Resolution:

Description

Would be nice if there were a possibility to block the admin from working in projects. In my case I use the admin only for creating users or doing other things in the administration section. But the admin user should not appear in regular project. Unfortunatly it happens that I forgett to logout and make changes to tickets with the admin account. It think the admin right should not give to possibility to make all changes. The right's given through roles should also apply to admins I think


Related issues

Related to Redmine - Feature #4427: Create a new type of role for not project specific mainte... New 2009-12-16
Related to Redmine - Defect #8199: Unable to change the status of an issue regardless of wor... Closed 2011-04-20
Related to Redmine - Defect #8625: Admin can not change issue status Closed 2011-06-16

History

#1 Updated by Damien Couderc about 7 years ago

If you set the administrator flag for your regular user then you should not need to log as admin.

I disagree on the fact that admin rights should be restricted ...

#2 Updated by Daniel Schuba about 7 years ago

well but why should an admin have all rights in all projects, maybe he is only there to manage users or add new costum-fields and should not have the right to everything

The point is, that an admin does not need rolles, but in fact admin is also some kind of role, BUT the role of an admin does not nessarly include having all possibilities

#3 Updated by Holger Just about 7 years ago

I like the admin flag how it currently is: it resembles the root user on Unix. So it has every right and can do maintenance without messing with permissions.

What you do probably want is something like a global role concept (as described in #4427). That way, you could give a user the right to just create a new user but nothing more. However, I would not want to restrict the admin users in anyway as this would be unintuitive and would hinder the workflow for most people.

Also available in: Atom PDF