[TYPO3-core] RFC 15286 : Feature: Deactivating the cache menu for admins

Helmut Hummel helmut at typo3.org
Thu Jul 29 18:53:33 CEST 2010


Hi Ingo,

On 29.07.2010 17:23, Ingo Renner wrote:
>
>> But how do you prevent the respective admin from enabling this?
>
> of course they can, but that's not what the issue is about. It's just
> about huge installations where you sometimes _have_ to make people an
> admin and the decision might not even be in your hand.
>
> This is basically just about disabling the entries in the menu. There's
> certainly no harm by adding the option and if you don't set it to 0,
> nothing's going to change for. Just always keep in mind that there are
> scenarios out there that you might not have thought about yet.

In general, I agree. But I also disagree with the current solution, 
because of the arguments already presented.

The real questions in this case are:
Why are these people admins?
What is not possible with a normal user account?

The current situation is that there is a large gap between what an
editor's account with _full_ rights (rootpage as mountpoint, able to see 
and edit every record ...) is allowed to do and what an admin can do.

In TYPO3 an admin can do _everything_ and this is an outdated concept, 
because it is far from optimal security-wise.
All modern operating systems try to get rid of the "root can do 
everything" concept.

Sooner or later (better sooner than later) we need to implement such 
concepts in TYPO3.

So what we need is either:

1. Being able to enable things for a normal user account, so that admin 
rights for these users are not possible any more

or

2. Find a proper way to limit the rights of an admin in a way that he or 
she cannot circumvent.

Both are not easy to achieve, but doable.

For this special case: Why not take the information if the admin may 
clear the cache from an option set in localconf.php? Or even better, 
introduce a different place for configuration, to which an admin has
_really_ no access.


Just my 2 cents

Helmut

