This topic is locked
[SOLVED]

 Dynamic Security - Security API

1/19/2020 5:07:00 AM
PHPRunner General questions
lefty author

I have a project with multiple groups in dynamic security setup . I also have a default group setup which works fine. The issue I have had for years is

when the Sub Administrator of client project needs to setup an Employee , it defaults the employee to default group which makes sense . I need for this Sub Administrator to

be able to change the employee setup to another group without assigning the Sub Admin ( Full Administrator Privileges - To the Admin Area ) which can do damage to the project

if they start checking wrong boxes in the admin area example .. page permissions. So in the meantime they have to contact me to change a user every time they have a new employee that changes to

another group. So if you have 20 clients with 20 sub administrators , you get a phone call or email, every time you need to put a user into another group.
I have looked through the Security API and see I can use setPermissions($table, $rights) after successful login event.

This still does not let me change the group the user belongs to , it just dynamically let's me change Add , edit , delete pages etc... for a table. I see I can also GET the User Group

using Security::getUserGroups() name which does nothing for me. Where can I actually SET User Groups without giving full access to Admin table, as the setAllowedPages function does not cut it either as it has no affect on page types the user has no access to. And using setPermissions function for "M" just sets to Admin when users can see/edit their own records. So don't see how that can do it either as just gives access not able to change groups here ( as I see it ).
I was thinking to have another table that I plan to use for example Sub_Admin_table ( only sub_admin has access to) that is a view of one of the security tables particularly the user group table and setup for client sub-admin to use to change user groups based on the usergroup table , but not sure for one if that is secure way of doing this[size="2"] and if it will break security and or project. [/size][size="2"]So not sure how to resolve this as this has been an issue for a long time now? [/size]
[size="2"]Is there any way I can use this table to change an Employee from one users group to another from this table without breaking security / project ? Any example would be appreciated. [/size]
It would be a nice feature if we had the option in security setup to choose a sub-administrator and give them admin access to change users to specific groups other than admin group without having access to change page permissions.

jadachDevClub member 1/19/2020

I have this type of requirement on a few of my projects.
Typically I am the only admin. However, I need "sub admins" to add users.
I create a custom view of the users table and roles table that I give sub admin access to. There the sub admin adds/edits/deletes users and assigns role access.
I then create a master detail relation with the two new views connected by username. Now you can use inline add/edit to assign roles.
Regarding passwords, after a new user is added, I send an email to ../remind forcing them to change their password.

lefty author 1/19/2020



I have this type of requirement on a few of my projects.
Typically I am the only admin. However, I need "sub admins" to add users.
I create a custom view of the users table and roles table that I give sub admin access to. There the sub admin adds/edits/deletes users and assigns role access.
I then create a master detail relation with the two new views connected by username. Now you can use inline add/edit to assign roles.
Regarding passwords, after a new user is added, I send an email to ../remind forcing them to change their password.


Thanks for the reply!
Currently I do have a view setup for adding users in a view called Employees from the admin_users table and the sub-admin adds them and then sends them a password reminder. That part works fine. When you say role access , are you referring to the uggroups table that is generated by security setup? As that is where my issue is assigning users to different groups without giving full Admin Access ?

jadachDevClub member 1/19/2020



Thanks for the reply!
Currently I do have a view setup for adding users in a view called Employees from the admin_users table and the sub-admin adds them and then sends them a password reminder. That part works fine. When you say role access , are you referring to the uggroups table that is generated by security setup? As that is where my issue is assigning users to different groups without giving full Admin Access ?


Yes, uggroups table.

lefty author 1/19/2020



Yes, uggroups table.


Got it will give that a go then. Thanks for the info.