I'm playing around with the ACL settings for administrator groups, and it seems kind of unfinished.
E.g. we wanted someone to have access only to edit products, nothing else. But then we must remember to give access to image handling too (fine), but weirdly also to categories, otherwise none can be selected on the product...
And to be able to change their own password, the user would need access to edit administrators. And when that access is given, the user would also be able to edit other users' accounts and passwords, including those with higher rights (e.g. full admins aka super admins).
Edit! Actually, a user with access to edit administrators can also upgrade his own account to full access directly (by changing user group). Ouch...
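
The checks this post finds missing, sketched as an added example (not code from the software being discussed, which the post does not name). Group names, permission names and ranks are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed groups: higher rank = more privilege. All names are hypothetical.
GROUPS = {
    "product_editor": {"rank": 1, "perms": {"edit_products"}},
    "staff_manager": {"rank": 2, "perms": {"edit_products", "edit_administrators"}},
    "super_admin": {"rank": 3, "perms": {"*"}},
}
SELF_SERVICE_FIELDS = {"password"}  # fields any admin may change on their own account


@dataclass
class Admin:
    name: str
    group: str

    @property
    def rank(self):
        return GROUPS[self.group]["rank"]

    def has(self, perm):
        perms = GROUPS[self.group]["perms"]
        return "*" in perms or perm in perms


def authorize_update(actor, target, changes):
    """Return (allowed, reason) for actor applying the dict `changes` to target."""
    if actor.name == target.name:
        # Changing your own password must not require edit_administrators.
        if set(changes) <= SELF_SERVICE_FIELDS:
            return True, "self-service"
        # Nobody reassigns their own group, whatever permissions they hold.
        if "group" in changes:
            return False, "cannot change own group"
    if not actor.has("edit_administrators"):
        return False, "missing edit_administrators"
    # Holding edit_administrators does not reach accounts with higher rights.
    if target.rank > actor.rank:
        return False, "target has higher rights"
    if "group" in changes:
        if changes["group"] not in GROUPS:
            return False, "unknown group"
        # An actor can never hand out more than they hold themselves.
        if GROUPS[changes["group"]]["rank"] > actor.rank:
            return False, "cannot grant rights above own"
    return True, "ok"
```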