Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.
Is there a way to give limited administration rights to users in a group?
I have two sales groups each with it's own manager and I would like to be able to give these manager's the ability to add or update users and transfer companies between users within their group.
I have figured out (with help from posts in this forum) how to allow the managers to view all of the companies within their group, using 'manage group members', but I can't work out how to give administration privileges within the group.
Sorry for being incommunicado - I was swamped on another project. I would guess that it is doable but I'll have to do some messing around with the ACL on my test server to confirm for sure and it may be a couple of days before I get to that. Have you found a solution in the meantime so I don't end up doing duplicate work?
Thanks for the reply, Ivaylo.
I wasn't intending this question to turn into extra work for you - it was more to see if there was a way of doing it that I had been unable to discover. However, in my particular case it would be a very useful feature and it could be of benefit to other users also. I still don't have a solution for this.
I know this response is very, very, very late - I misplaced the reminder email for it so, please accept my apologies. What you want to accomplish should be doable with the current functionality of XRMS. It will take some experimenting to get it just right but the approach should be something along the lines of this (you must be logged in as an Administrator for this):
In Administration > ACL > Manage Groups, create the two Groups (Group A, Group B)
In Administration > ACL > Roles, create the two management Roles (Manager - Group A, Manager - Group B)
In Administration > Users, select the users who will carry out the roles of Manager - Group A and Manager - Group B and add those roles to them (this is done in the User Roles sidebar). Also, add the role of 'Users' for every member of the Groups A and B.
In Administration > ACL > Manage Role Permissions you will be able to see the inheritance of the permissions between Child/Parent object which should give you an idea how permissions cascade through the various ACL objects within XRMS. You may want to refer to the XRMS Administration Manual for some help on that.
Once you are aware of the inheritance patterns, I personally prefer to work with the permissions grid in Administration > ACL > Manage Rope Permissions in Grid. First you select the role you are going to be defining permissions to and then you should be able to give rights to Create, Read, Update, Delete or Export the various objects on a World, Group and User level and for each right you can assign it as Inheritable (to cascade to its child objects) or Non-Inheritable (permission relates to the particular object and level only). There are objects for both Users and Companies which should allow you to assign permissions to the Managers of the groups to manage at their group level.
The XRMS ACL mechanism can be a bit tricky but it is quite powerful so check to make sure you the users who are supposed to have the given privilege have it and the ones who shouldn't do not and tweak your permissions accordingly. It may be best to do this on a test installation first so you don't mess up a production environment. Document the steps you are taking so you can always retrace back and see what you have changed and what is the result you have achieved.
Sorry for the wait again and I hope this helps!
Thank you for this detailed reply.
I will try out what you suggest and let you know how it goes.