With the way that permissions are now handled in version 3, we have a need for more granular controls over the system, likely in the form of custom roles. The new way is pretty much an all-or-nothing approach, which makes it difficult to have any kind of role-based access to the system to prevent users from making changes to certain settings. Our hope would be to get to a place where on-boarding a new user is as simple as assigning them a Features ‘role’ and then a Folder ‘user group’. It seems like this kind of exists already with the presence of ‘Super Admin’, ‘Group Admin’ and ‘User’ roles, but we need to be able to add to this list and define what each of these roles can and cannot do at a more granular level than what is currently present in the Features section.
For example, consider the following:
-
Full Administrators
This role has the ability to manage the entire system. This is the same as making the user ‘Super Admin’. -
Power User/Manager (No access to Applications/Modules/Settings)
This role has the ability to do everything in the system except for make changes to sensitive sections of the CMS, such as: Applications, Modules, Roles, Settings -
Content Editors
This role has full ability to manage and schedule content from the library, edit layouts, view and run Commands on displays and dgroups, but lacks the permission to make any changes to anything for which they themselves do not explicitly own. E.g. They should be able to view Displays and issue Commands on them from the row menu, but should not even have access to the ‘Edit’ menu. If Edit access is given, allow the ability to prevent writing to specific fields, such as Display Name and Hardware Key.
Thanks!