Details
Description
There has been request for "providing an effective sub- or lite-administrative role that does not include full admin access" (SAK-7813, SAK-20412, etc.)
Currently, there is only one set of functions to check admin user privilege (isSuperUser() and isSuperUser(String)). And those functions are used all over existing Sakai code to bypass context-related security checks.
We propose two new functions as to support levels of admin users (isSuperAdminUser() and isSuperAdminUser(String)) and changes to implementation so that the new isSuperAdminUsers would return true for the current "full-range administrators" and isSuperUsers would return true for both "full-range administrators" and "lite admins".
With the support of the above new functions, a new "AdminLite" tool has been implemented to use by those lite admin users (UMICH-232). The tool is a combination of legacy Admin Sites tool, Realms tool, Users tool and Become Users tool, but in a much function-lite version
Gliffy Diagrams
Zeplin
Attachments
Issue Links
- is depended on by
-
SAK-20412 Offer solution for delegated support and administration
-
- RESOLVED
-