
Access to Admin Area

8/29/2019 10:27:05 PM
PHPRunner General questions
admin author

Hi,
Does anyone know a way to provide access to the Admin Area where Non Admins can create users and add them to groups?
Use Case:

Account Managers are able to create Form 1 and add a user from it. They now need to go to the Admin area to add them to a group, OR they need to be able to go to the Admin area, create the user and add that user to the appropriate group. I do not want Account Managers having full access to all the forms.
Thanks,

  • Sandy

lefty 8/30/2019





Depending on Dynamic permission you set up or static permission. I am going to assume Dynamic, as you need to do this with the above statement.

You should always supply the build and version you are using, as it makes somewhat of a difference. Trying to help you with this.
In 9.8 see below, even though (in 10.0 or above, if you want to add extra add / edit / list pages, you can by adding a list2, add2, edit2, etc.: print, export and so on).
There are many ways to do this.
What I would do is make a user group called Admin_Managers (assigning the managers to that group) once you go to the admin area, but,

Give them access to all except the table or add/edit forms that only the MASTER_ADMIN has access to.

While still keeping the master Admin with all access.
Now create a custom view of the employees or user table, or the table you are referring to, giving the Admin_managers access to certain fields and/or tables.
Now you have two views: one MASTER_ADMIN, already done, and a custom view with minor changes that the Manager_admin can make.
That's basically it.
Set security for the view for Admin_Managers under the security tab.

admin author 8/30/2019





Apologies, I am using PHP Runner 10.2. I have created a group "Admin" and placed the users within that group, granted them permission to the User's table to add and the other 3 tables I want them to be able to access, and that works perfectly. I attempted to make a view of the _ugmembers; however, they will need to know the groupid for all user roles in order to add the users to the appropriate groups.
Is there another way? Is it as simple as me adding a "group" field to _ugmembers as a drop down that when selected auto populates the groupid?
Thanks,

  • Sandy

lefty 8/30/2019





If Dynamic permissions are used,

I would not change anything in the security tables that are generated by PHPRunner. In the Admin area of the generated output, create another group called Admin_Managers besides the already generated ADMIN group. Now, after creating it, give the Managers one by one access to Admin_Managers by using the add/edit users in the already outputted ADMIN AREA, to be able to change certain tables: to add, edit, delete. Now anyone who belongs to that group would be in the Admin_Managers group and you still have the master ADMIN who can change anything generated when you had set up security. Now the outcome: AdminManagers have some access but not all.

If the above suggestion is not enough, read further.
You can use the 10.2 Security API (Click Here), but in this case not sure it's needed.
If you need to group by tables, meaning your actual working tables, not the security tables, add a groupid to each table.

Then after Successful login event add
$_SESSION["fldgroup"] = $data["fldgroup"];
Then in each table where groupID is needed add default value as $_SESSION["fldgroup"] or, if it is a dropdown where only certain groups can see, you can use where groupid field = " . $_SESSION["fldgroup"];

or in 10.0 or above you can write it differently, like
WHERE CustomerID= ':session.groupid' in dropdowns or additional tabs.
I actually use these types of methods to split my departments. For example, I call Managers group 4, Salesman either group 1 or group 2 depending on which division they are in, Office staff group 5, Warehouse group 6, etc.

So in my users table, or login table I should say, I have Employees: I have username, name, pass, Division and GroupID. I set them up as the correct group. Then I also add the same groups to the security generated in dynamic permissions: Office, Managers, Admin, AdminManagers, Salesman, etc.
Lastly, if the above still does not work, make a custom view of the tables in your project, or in 10.0 or above add multiple add / edit pages and give access to whom you need to in dynamic permissions in the already generated project.
This question was asked before somewhere in the forum in the past. Going back to your original question, the only way to do this at this point is to add multiple admin users in your project and then build, or use the security API, which I have not used to customize in the past, so maybe someone else can chime in on that part.
Hope this helps.

admin author 8/30/2019





Thank you and I do apologize as I have completed the majority of what you are describing. I think I have not explained this clearly or am just having a dumb moment.
I have 6 views and 6 groups with Advanced Security on for 6 groups that have access to their appropriate views and data only. - This is working Perfectly

I have another Group "Admins" that has the proper access to the proper tables with the ability to be able to create users from within the 3 forms (tables) they have access to. - This is working Perfectly
The problem is that I need the users in the "Admins" NOT "Admin" Group to be able to add users to the appropriate groups after adding the users from the form(s).
Example: H.Admin is in the Admins Group

H.Admin opens the property form that requests 3 contacts with different roles

H.Admin clicks add new on the first contact with Role A

H.Admin completes the user add form and saves (It has a "role" field on it)

Now that newly created user needs to be added to Group A which is for users with Role A

H.Admin is unable to do that as they do not have access to the dynamic Admin Area to add users to groups.
Are you saying I have to call it "Admin_Managers"?
Sorry I am confused and/or confusing you and do appreciate your help. Maybe there is another way....
Add H.Admin to the "Master Admin" Group

Modify the menu so that certain "Master Admin's" may only see the 3 tables and the Admin Area? Is that possible?
Thanks again!

lefty 8/30/2019





My suggestion was to add a sub admin or Admin_Managers or any name where they all belong to it and can change certain tables there instead of in the Main Admin, but I see that you need to change users to other groups also. Only way I know of is below.
I think you're going to have to go this route. See Here. But it only works with static permissions. I believe you might have to change some structure in your project to accomplish what you need. I always had my forms, when a change was introduced, automatically send a request to the master administrator to change an employee to another group, as it is a security issue to give access to numerous users; they can delete everything.
UPDATE: This may work with Advanced security also, as it really does not say in the link, but as we discussed it just gives access, it does not change groups. I will have to run a test as I am curious also. Will post once I finish.

admin author 8/30/2019





Thank you John, and I was so afraid that was going to be the solution. I am in agreement of being cautious with who has Master Admin and even though I would trust the 1-2 people not to delete or do anything wrong.. people make mistakes. That is why I was looking for a way to keep them from having Master Admin but still have access to add the user to the groups. I may just do the email me when a user is added and then I add them to the groups, sounds like the safest option here. Thank you again for your assistance and talking through this with me.. Greatly appreciated!
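
An added example, not part of the thread and not PHPRunner's own code: one way to let a delegated "Admins" user place new users only into groups they have been allowed to assign, with the check enforced on the server rather than by the drop-down alone. The table names are modeled on the thread's _ugmembers and groupid; the delegations table, the function names and the admin group id of -1 are assumptions, and it assumes PHP with the pdo_sqlite extension.

```php
<?php
// Constructed schema modeled on the thread's _ugmembers / groupid naming (assumption).
const ADMIN_GROUP_ID = -1; // assumed id of the full-access admin group

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE uggroups (GroupID INTEGER PRIMARY KEY, Label TEXT)');
    $db->exec('CREATE TABLE ugmembers (UserName TEXT, GroupID INTEGER, UNIQUE(UserName, GroupID))');
    // Hypothetical table: which groups a manager group is allowed to hand out.
    $db->exec('CREATE TABLE delegations (ManagerGroupID INTEGER, TargetGroupID INTEGER)');
    $db->exec("INSERT INTO uggroups VALUES (-1,'Admin'),(1,'Role A'),(2,'Role B'),(7,'Admins')");
    $db->exec('INSERT INTO delegations VALUES (7,1),(7,2)'); // "Admins" may assign Role A and Role B
    $db->exec("INSERT INTO ugmembers VALUES ('H.Admin',7)");
    return $db;
}

// Groups the acting user may assign. Use it to fill the drop-down AND to validate the post.
function assignable_groups(PDO $db, string $actor): array {
    $q = $db->prepare('SELECT DISTINCT g.GroupID, g.Label FROM ugmembers m
        JOIN delegations d ON d.ManagerGroupID = m.GroupID
        JOIN uggroups g ON g.GroupID = d.TargetGroupID
        WHERE m.UserName = ? AND g.GroupID <> ? ORDER BY g.GroupID');
    $q->execute([$actor, ADMIN_GROUP_ID]); // the admin group is never delegable
    return $q->fetchAll(PDO::FETCH_KEY_PAIR); // [GroupID => Label]
}

function add_to_group(PDO $db, string $actor, string $newUser, int $groupId): bool {
    // The submitted group id is untrusted, whatever the form offered: re-check it here.
    if (!array_key_exists($groupId, assignable_groups($db, $actor))) {
        error_log("denied: $actor tried to add $newUser to group $groupId");
        return false;
    }
    $ins = $db->prepare('INSERT OR IGNORE INTO ugmembers (UserName, GroupID) VALUES (?, ?)');
    $ins->execute([$newUser, $groupId]);
    return true;
}

// Constructed calls: a delegated group first, then the admin group.
$db = make_db();
var_dump(assignable_groups($db, 'H.Admin'));
var_dump(add_to_group($db, 'H.Admin', 'contact1', 1));
var_dump(add_to_group($db, 'H.Admin', 'contact1', ADMIN_GROUP_ID));
```

The denied attempts written by error_log are worth reviewing, since a request for a group outside the drop-down means the form was bypassed.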