User Management Issue

I want certain people to be able to assign operator permissions to operations personnel; however, I do not want them to be able to assign themselves administrator-like access. Is there a way to either make certain roles not selectable, or segregate the user sources?

1 Like

To allow users to manage users, in the web interface, go to 'Config, ' and click on the 'General' link in the security section of the sidebar. Then, mark the checkbox for 'Allow User Admin,' and save the settings

To limit who can access user management, In the designer click on 'Project' and select 'Project Properties.' Then, in the Vision section click 'Permissions':

Under user management, select the minimum role required:
image

Finally, you can filter what roles are an option in the user management tool using the filterRole extension function.
Example:

#def filterRole(self, role):
	currentUserRolls = system.security.getRoles()
	if 'Administrator' in currentUserRolls:
		return True
	elif 'Lead' in currentUserRolls and role == 'Operator':
		return True
	else:
		return False

Result when logged in as admin:
image
Result when logged in as lead:
image

With this script, the result when logged in as anybody else would be that no roll was available to select, but due to the fact that the other roles are excluded from the permissions set above, the entire user management tool will be disabled and inaccessible to the other roles, so that doesn't really matter in this case.

4 Likes

What can I do so that certain users only have permission to add users and cannot delete any?

Configure the security so that the role you want can add, but on the delete button that role cannot.

2 Likes