Redefine WA Admin roles [6273]

• 10-11-2008, 4:47 PM

  9899

  gypse Joined about 4 years ago Posts 223

  Redefine WA Admin roles [6273] I'm still new to using Wild Apricot and don't know much about the events manager role, as we are not using that yet.  However, in trying to grant access to those people that need to get in and do various things so far, this is what I'm thinking could be changed -   Current Admin Roles: Accout Administrator, Events Manager, Donations Manager, Membership Manager, Website Editor Proposed Additions: Website Manager, Accounting Manager, Communications Manager Proposed Changes to existing structure - Remove "view hidden pages" from Events Manager, Donations Manager, Membership Manager.   These people should only be able to view the same pages they would be able to view if they signed in with the member log-on instead of their admin log-on.   Limit "view hidden pages" for Web Editors to their assigned section(s).  They should not be able to view hidden pages in other areas of the web site. Remove "member only pages / restricted access" from Events Manager, Donations Manager, Membership Manager, and Web Editors - they should only be able to access the same sections of the website that they would be able to view if they signed in with the member log-on instead of their admin log-on. Limit things that should not be changed on a frequent basis, including things like changing web site headers/footers and payment methods, to the account administrator.  People should not be given an ability to "see what happens" in these areas. Add a web manager level that can have more control than a web editor for those that don't need the more refined capabilities. Add a accounting manager for those that want to excercise stronger accounting controls. Add a communications manager for people that just need to access the members list, search/report functions, and communicate with the group. Overall, these changes should make things like discussion forums in restricted areas more secure and should prevent people from limited knowledge from experimenting in areas they should not be tampering with.  Also helps to establish some boundaries on who can correct financial information, change payment info, change renewal dates without balancing the payments, etc. PROPOSED ACCESS BY ADMINISTRATOR ROLE - Account Administrator Only (Things that once set up should not need constant maintenance.  Changes should be thought out and not be one person's decision.) Change visual theme, customize colors and styles CSS customization, including WebDAV Add/edit/delete administrators Delete all members Domain setup Web analytics integration Edit organization details Upgrade or delete account Add/edit/delete member levels Customize member database fields Customize member profile display settings Customize member application workflow and e-mails, renewal settings and emails Edit payment settings Website Manager, Account Administrator View webpages via admin interface (including hidden and member-only / restricted access pages) Add/edit/delete page, change visibility, change access: public/members Edit settings for pages:  Events, Member application, Donation, Member directory, Blog, Discussion forum Edit page header, page footer Edit Meta tags Adding restricted access website sections, granting access & editor rights   Website Editor - For Assigned Section(s) of website only: Add ability to assign the editor to a "top page(s)" of a website and that editor may only have editor access to that top page(s) and the children pages that cascade down from that top page(s). View webpages for their assigned sections only via admin interface (including hidden and member-only / restricted access pages)  Add/edit/delete page, change visibility in their assigned section(s). Edit settings for pages:  Blog, Discussion forum, Directory, Events within their assigned section(s). Edit Meta tags within their assigned section(s).     Website Editor, Website Manager, Account Administrator Events Manager, Donations Manager, Membership Manager Communications Manager, Accounting Manager Access to members list & search features Ability to email from control panel Ability to view reports, if they become available   Donations Manager, Account Administrator Archive/delete donors Customize donation confirmation e-mail Export donations or donors   Events Manager, Account Administrator Only Register member for event Add/edit/delete event, customize event registration form Edit/delete event attendee Email  event attendees (one event or all events) Export event attendees (one event or all events) Customize event registration e-mails Edit/archive attendee   Accounting Manager, Account Administrator Only Edit payment transactions Change payment status of event attendee   Membership Manager, Account Administrator Only Add/edit/archive/delete members Import and export members

  Report abuse

• 11-26-2008, 12:02 PM

  10370 in reply to 9899

  gypse Joined about 4 years ago Posts 223

  Re: Admin Roles / Ability to view Hidden Pages An example of a well meaning volunteer messing things up - I lost my home page yesterday . . . the person editing another page somehow copied that html over the home page html and put 2 copies of their page on the website - no copy of the home page.  Clicking the website url took you to that page instead of the home page. Fortunately I had an html file from when I was developing the home page - I know there have been online changes since then, but at least it gives me a starting point. If the person's permissions concentrated them on their area only, they would not have been able to do it.

  Report abuse

• 06-05-2009, 11:14 AM

  12938 in reply to 10370

  Anonymous	Re: Admin Roles / Ability to view Hidden Pages We are currently working on a way to restrict some admins (a type of limited admin) to just specified ares of the site. They will only be able to edit pages in their specified section. Our current plan is to release this in Iteration 3.1, sometime over the summer.

• 06-18-2009, 3:34 PM

  13147 in reply to 12938

  wchester Joined about 3 years ago Posts 66

  Re: Admin Roles / Ability to view Hidden Pages Thank goodness I found this thread.  I was about to go crazy in a new thread :)  We just started handing out limited admin roles to some of our members.  I was shocked at how a simple "event manager" or "website editor" could see most anything they wanted about other members and especially internal use fields.  We have had to remove all admin privileges because we can't have other folks seeing personal data about everyone else.  So now what should be the work of a few dozen event and web site admins all has to be funneled through the one master admin.  This has slowed our web site progress down to an excruciating crawl.  I hope the fix for this truly does come sometime this summer.  This is probably the biggest deal breaker I have found amongst the many I have posted in the last few months. Thanks for your commitment to a release 3.1 on this WA.  As always, your customer service is second to none.

  Report abuse

• 06-19-2009, 9:12 AM

  13159 in reply to 13147

  Chief_Apricot Joined about 5 years ago Toronto Posts 4,265	Re: Admin Roles / Ability to view Hidden Pages @wchester Development has mostly finished on 3.1 so this feature is not in it - and will not make it to 3.2 as we need to analyze this further to design a solution meeting most needs. I would appreciate any specific suggestions - what rights should be added/taken away to different admins vs. what we currently have. Dmitry Buterin, Chief Apricot
  	Report abuse

• 06-22-2009, 2:00 AM

  13201 in reply to 13159

  wchester Joined about 3 years ago Posts 66

  Re: Admin Roles / Ability to view Hidden Pages Oh that is terrible news.  So I am guessing that gvalentino's estimate of this summer is not going to happen.  You guys have got to start giving the admins the basic ability to protect their site!  Both the way you handle restricted sections and the admin roles handcuffs the admins such that we either lock almost everything down or leave it wide open.  Chief said "I would appreciate and specific suggestions".  Gypse wrote you a small dissertation above.  I believe it is fairly specific.  The bottom line is that you should strive to allow the Account Administrator to allow access to other admins per each admin console tab.  get rid of the meaningless niche admin titles like "Website editor" and "Membership manager" (i.e. why in the world can an Event Manager log in as an admin and go to Members > Payment settings and successfully change the currency to a custom currency?  There are many examples like this).  Simply allow admins to assign out or deny access to any of the tabs in the admin view.  If WA has put good thought into the manner in which you segregated these tabs then wouldn't it stand to reason that the admin can allow/disallow admin access per tab?  There would also be a need for special consideration when allowing web page editing.  For "Web Pages" you need to further allow the account admin to restrict other admins to edit on a page by page basis (or at the very least section by section).  If you want to see a great implementation of this spend 50 bucks and experiment with the excellent admin features of the HOATown.com hosted sites (and check out their great granular approach to restricting member access per page as well).  I know it would add a few dozen fields to your internal database.  But I don't see why this isn't a simple table lookup each time an admin tries to click on an admin console tab...the user ID gets cross referenced with their permission for that particular tab (either YES or NO in the DB) and they either get into that tabbed area or it comes up as Access Restricted and doesn't let them enter.  Or better yet.  Write some java that whenthey log in as an admin and the console comes up, only the tabs they have access to are visible.  The current implementation where an admin can get fairly far into tabs not meant for their job description before getting an Access Denied dialog is fairly useless. I bet a lot of people would agree that improvong this functionality would greatly improve their WA experience almost more than any other enhancement.  It ain't a sexy improvement, but it touches the core of our abilities to control our own sites.

  Report abuse

• 06-22-2009, 8:57 AM

  13204 in reply to 13201

  Chief_Apricot Joined about 5 years ago Toronto Posts 4,265

  Re: Admin Roles / Ability to view Hidden Pages gvalentino is correct, it's just that his comment should have been more expanded. We are releasing in our next update web admin role with ability to restrict to specific pages. All other functions for this role will be the same as for current web admin (who can edit all pages). Gypse's comment is very detailed and helpful. My point was that I would appreciate any additional insights - or even let us now if you full subscribe to that comment. Overall overhaul of admin roles is something that we plan - but it is some time away. It is not as simple as access per screen/tab. E.g. we think that donation manager should have access to advanced search and keyword search - but should only be able to email/export donors. Dmitry Buterin, Chief Apricot

  Report abuse

• 11-06-2009, 1:22 PM

  15004 in reply to 13204

  Chief_Apricot Joined about 5 years ago Toronto Posts 4,265

  Re: Admin Roles / Ability to view Hidden Pages In our next version 3.3 we are making quite a few changes to access rights of different admin roles - to have them more 'separated'. For example, Website manager will not have access to contacts, members and Donations - and will not even see those tabs. This redesign does not address everything discussed in this thread - but to keep us organized and moving forward, once it is released, we will archive this thread and you will be able to start new ones for suggested improvements/changes to the current functionality. Dmitry Buterin, Chief Apricot

  Report abuse

• 12-16-2009, 3:10 PM

  15613 in reply to 9899

  Anonymous	Re: Redefine WA Admin roles [6273] As Dmitry mentioned, version 3.3 includes amny interface changes to help to keep the limited admin roles a little more separate. This thread will be archived. If you have any other requests or ideas that have to do with admin roles, please do not hesitate to post them to the Wishlist.