[TYPO3-dev] Proposal for TYPO3 >= 4.2: change rights-management for BE-users/-groups
Franz Koch
typo.removeformessage at fx-graefix.de
Sun Aug 19 11:30:37 CEST 2007
Hi list,
I'm not sure where to post a proposal for the upcoming TYPO3 4.2 as the
CORE-list is not available for subscription in Thunderbird. But I think
this list here is also ok for that :)
What I find really annoying with nested BE-groups is, that
content-elements and extensions get denied instead of allowed. There are
several problems with denying things for BE-groups or BE-users instead
of allowing:
1) later added functionality is enabled by default
--------------------------------------------------
As the rights system only denies certain extensions or CEs, newly added
extensions are allowed for any BE-user by default. I don't have to tell
you that this is not a good practice. Inverting that settings to simply
allow certain elements would in contrast be 'future proof'.
2) using nested BE-groups leads to not usable editor-rights due to
summed up restrictions
--------------------------------------------------
If you have several BE-groups for the most common tasks for editors
(like one group-configuration for news, newsletter, regular content,
events,...) and you would like to create maybe one 'master-editor'-group
which has some more rights and has all the other BE-groups as subgroups
as he should be able to do everything the other editors can do, it is
most likely that due to the summed up restrictions the master-editor in
fact can do much less then any other editor.
Example:
- groupA is not allowed to edit forms, but any other regular content
- groupB is not allowed to edit extensions, but something else
- groupC is allowed to edit news-records and news-plugins
- masterGroup would be allowed to edit forms, news-records and
news-plugins and has therefore all three groups as subgroups, but can
in fact edit nothing due to the summed up restrictions.
If the settings would be inverted, the masterGroup would be allowed to
edit records as normaly expected.
Of course this can be by-passed by setting up the 'master-editor'-group
from scratch - but that is pretty annoying.
So I suggest to invert the rights-management behavior for
content-elements and extensions in BE-groups and BE-users in order to be
of more practical use and to improve usability of TYPO3 for
administrators (which is also a goal for the 4.x branch). So in that
case I would drop backwards compatibility.
But in fact it doesn't necessarily have to be dropped completely - the
checkboxes set in the rights-management could remain as they are
currently, only the calculation of rights would have to be changed. But
I would prefer to also change the checkboxes and only 'activate' allowed
elements.
--
Kind regards,
Franz Koch
More information about the TYPO3-dev
mailing list