Forum

Thread tagged as: Question, Configuration

Prevent Ability To Modify User Roles

Are you planning on introducing the option to allow a user to manage other users but not manage roles?

Recently I've given a client access to the 'Users' menu but I think it would be better if they couldn't edit the user roles, just select a role equal or less than their access. Otherwise they can give themselves full access.

Cheers, Toby

Creative Monster

Creative Monster 0 points

  • 6 years ago
Drew McLellan

Drew McLellan 2638 points
Perch Support

It's not something we currently have planned, but only because it's not often requested.

I think this could be very useful, I rarely give 'User' access to clients but would like to be able to let their administrator manage users with equal or less access as themselves.

Can this be a formal feature request?

Drew McLellan

Drew McLellan 2638 points
Perch Support

I think first we'd need some way to define "equal or less".

I would also like this option. I want to give my clients the option to create users (less or equal than their access) but not the option to change their own role to admin (and the possibility to mess up everything).

Less or equal > maybe with a reorder option in the roles overview?

Yeah, I've since needed this again a few times since I first raised this ticket.

Drew McLellan

Drew McLellan 2638 points
Perch Support

We could possibly extend the Roles to have two checkboxes for each privilege

  1. Role has this privilege
  2. Role can assign this privilege to other roles

would that work?

If so, this is something that we could look at adding to Runway.

Yeah I think that would work.

It's a shame it would just be for Runway though, but if that's the only way of doing it then fair enough.

Drew McLellan

Drew McLellan 2638 points
Perch Support

It's not really a small site feature, so it would be suited to Runway rather than Perch.

If we put everything into Perch we'd soon be fielding complaints that it was getting bloated.

Why would this not be a small site feature?

Surely the ability to currently create users with higher permissions than yourself is a potential issue for any business?

I agree, having fine grain control over users is relevant to any site.

But I guess they do have to differentiate Perch from Perch Runway in places.

The differentiator for Runway was originally the ability for developers to do more complex things, not to up sell for extra end user features. Something like permission is all admin dashboard based so should be consistent across both platforms.

Drew McLellan

Drew McLellan 2638 points
Perch Support

No, the differentiator is scale of project, and in this case likely scale of team.

Most Perch installations have one or two user accounts, and the users are typically business owners or direct reports. They don't need technological solutions to stop people messing with what they shouldn't - just like how they don't need to lock their office filing cabinets to stop employees snooping on each other's HR records.

Perch is designed for smaller sites, and aims to be a light-touch solution. We try not to add software where it's not needed, in order to keep it this way. If we make it too complex it stops being useful for smaller sites.

Our product strategy to enable us to provide those features for people who need them is Perch Runway.