[TYPO3-dev] Proposal for TYPO3 >= 4.2: change rights-management for BE-users/-groups

Franz Koch typo.removeformessage at fx-graefix.de
Sun Aug 19 11:30:37 CEST 2007 

Hi list,

I'm not sure where to post a proposal for the upcoming TYPO3 4.2 as the 
CORE-list is not available for subscription in Thunderbird. But I think 
this list here is also ok for that :)

What I find really annoying with nested BE-groups is, that 
content-elements and extensions get denied instead of allowed. There are 
several problems with denying things for BE-groups or BE-users instead 
of allowing:

1) later added functionality is enabled by default
--------------------------------------------------
As the rights system only denies certain extensions or CEs, newly added 
extensions are allowed for any BE-user by default. I don't have to tell 
you that this is not a good practice. Inverting that settings to simply 
allow certain elements would in contrast be 'future proof'.


2) using nested BE-groups leads to not usable editor-rights due to 
summed up restrictions
--------------------------------------------------
If you have several BE-groups for the most common tasks for editors 
(like one group-configuration for news, newsletter, regular content, 
events,...) and you would like to create maybe one 'master-editor'-group 
which has some more rights and has all the other BE-groups as subgroups 
as he should be able to do everything the other editors can do, it is 
most likely that due to the summed up restrictions the master-editor in 
fact can do much less then any other editor.

Example:
- groupA is not allowed to edit forms, but any other regular content
- groupB is not allowed to edit extensions, but something else
- groupC is allowed to edit news-records and news-plugins
- masterGroup would be allowed to edit forms, news-records and
   news-plugins and has therefore all three groups as subgroups, but can
   in fact edit nothing due to the summed up restrictions.

If the settings would be inverted, the masterGroup would be allowed to 
edit records as normaly expected.



Of course this can be by-passed by setting up the 'master-editor'-group 
from scratch - but that is pretty annoying.

So I suggest to invert the rights-management behavior for 
content-elements and extensions in BE-groups and BE-users in order to be 
of more practical use and to improve usability of TYPO3 for 
administrators (which is also a goal for the 4.x branch). So in that 
case I would drop backwards compatibility.
But in fact it doesn't necessarily have to be dropped completely - the 
checkboxes set in the rights-management could remain as they are 
currently, only the calculation of rights would have to be changed. But 
I would prefer to also change the checkboxes and only 'activate' allowed 
elements.


--
Kind regards,
Franz Koch

More information about the TYPO3-dev mailing list