how to write a reference in an essay winter vacation homework front page what goes in a annotated bibliography once more to the lake full essay independent study research paper

Horde 3.3.10 customizing – Patch for more flexible administration of users and groups

Horde Groupware is a great couple of end-user applications with a lot of flexibility. It supports many different sources or backends for retrieving authorized users and putting them into groups which have access to some resources like calendars, address books or inventory lists. Horde includes a GUI for editing users and groups if the backend supports it. The GUI is accessible only to those users which have the global administrator privilege set in the conf.php configuration file. Users with this flag can access all administrative options like the SQL shell, the configuration editor and the permission tree. This is usually not what you want. Administrators want to delegate tedious user and group management to moderators or managers, but they do not want to enable these people to make harmful changes to the general application setup. Even worse, administrator users always see all applications, even those not properly setup for usage. There’s no way to disable that.

To fix this, I have provided a patch against horde 3.3.10 which allows more flexible administration permissions. You can now allow certain users to access only some administration screens like the users screen or the groups screen while not allowing them access to the permissions editor at the same time. These users will be presented only the administrative links which they have access to. Technically, they don’t get the isAdmin flag, so they don’t need to view everything a full administrator can see. I used the horde permissions system to implement access management, after Jan Schneider suggested this move instead of writing a full „account management module“. There is no feedback yet if this patch will make it into mainstream horde3 but I will use it on some horde installations.

1 Kommentar

  1. Horde 4.0.6 brings user-specific admin privileges |

    […] Last October I wrote about a patch for Horde 3 which allows permission-based access to individual admin privileges. This patch has now been ported to Horde 4 and is incorporated in Horde 4.0.6. You can now assign a user the task of managing groups without allowing him to use the permissions admin and grant himself additional privileges. Or you can delegate emergency password resets to a group of trusted people without confusing them with icons like the PHP Shell. Only those admin functions are shown which the user has access to. Another side effect: Even if a user has all admin permissions, he is still not recognised as an admin and won’t be shown things that admins always have to see regardless of their permissions and settings. […]

Kommentare sind geschlossen.