Modifying Security Roles

Question

0

Modifying Security Roles

Andrew Lee posted 10 Years Ago

Good afternoon,

Is there a better description or a way to determine the exact permissions of the security roles? We are working to determine where to put our staff.

All of the inherited permissions roles are identical with Rock Administrators (Role) having allow and all users having deny. Reading the documentation, we are unclear the proper way to setup our staff.

Thank you,
Andrew

Jim Michael · Accepted Answer · 2014-03-21T13:03-07:00

1

Jim Michael replied 10 Years Ago

Hmm... that's an interesting point! I didn't really notice until you made me look, but there appears to be no (current) way to look at a security role and see everything it has access to (which I imagine would be a tree view of some sort)... you have to do the opposite, which is look at the entity and see what roles are applied to it (I can see that being very cumbersome if you want to add a completely new role and grant access to disparate parts of the system all at once.)

If you are logged in as a Rock admin and then click the padlock in the admin toolbar on any page, you can see where Rock Administrators has edit/Administrate everywhere, but Staff Users has only view rights to most of the same places. I imagine it's possible to have the reporting system document everything a role is assigned to, but I don't know how to do that, yet. I'm more curious to know if 1.0 will have some ability to open a role and see what rights it has vs. having to go to the entity itself and view/assign the roles. I'm wondering if that's even possible since security roles in Rock are really just groups, and groups don't have that kind of functionality that I can see.

Hopefully someone with actual knowledge of the architecture will jump in with the skinny on this subject!

Edit Answer

Hmm... that&#39;s an interesting point! I didn&#39;t really notice until you made me look, but there appears to be no (current) way to look at a security role and see everything it has access to (which I imagine would be a tree view of some sort)... you have to do the opposite, which is look at the entity and see what roles are applied to it (I can see that being very cumbersome if you want to add a completely new role and grant access to disparate parts of the system all at once.)

If you are logged in as a Rock admin and then click the padlock in the admin toolbar on any page, you can see where Rock Administrators has edit/Administrate everywhere, but Staff Users has only view rights to most of the same places. I imagine it&#39;s possible to have the reporting system document everything a role is assigned to, but I don&#39;t know how to do that, yet. I&#39;m more curious to know if 1.0 will have some ability to open a role and see what rights it has vs. having to go to the entity itself and view/assign the roles. I&#39;m wondering if that&#39;s even possible since security roles in Rock are really just groups, and groups don&#39;t have that kind of functionality that I can see.

Hopefully someone with actual knowledge of the architecture will jump in with the skinny on this subject!

<p>Hmm... that&#39;s an interesting point! I didn&#39;t really notice until you made me look, but there appears to be no (current) way to look at a security role and see everything it has access to (which I imagine would be a tree view of some sort)... you have to do the opposite, which is look at the entity and see what roles are applied to it (I can see that being very cumbersome if you want to add a completely new role and grant access to disparate parts of the system all at once.)</p>

<p>If you are logged in as a Rock admin and then click the padlock in the admin toolbar on any page, you can see where Rock Administrators has edit/Administrate everywhere, but Staff Users has only view rights to most of the same places. I imagine it&#39;s possible to have the reporting system document everything a role is assigned to, but I don&#39;t know how to do that, yet. I&#39;m more curious to know if 1.0 will have some ability to open a role and see what rights it has vs. having to go to the entity itself and view/assign the roles. I&#39;m wondering if that&#39;s even possible since security roles in Rock are really just groups, and groups don&#39;t have that kind of functionality that I can see.</p>

<p>Hopefully someone with actual knowledge of the architecture will jump in with the skinny on this subject!</p>

<p>Hmm... that&#39;s an interesting point! I didn&#39;t really notice until you made me look, but there appears to be no (current) way to look at a security role and see everything it has access to (which I imagine would be a tree view of some sort)... you have to do the opposite, which is look at the entity and see what roles are applied to it (I can see that being very cumbersome if you want to add a completely new role and grant access to disparate parts of the system all at once.)</p>

<p>If you are logged in as a Rock admin and then click the padlock in the admin toolbar on any page, you can see where Rock Administrators has edit/Administrate everywhere, but Staff Users has only view rights to most of the same places. I imagine it&#39;s possible to have the reporting system document everything a role is assigned to, but I don&#39;t know how to do that, yet. I&#39;m more curious to know if 1.0 will have some ability to open a role and see what rights it has vs. having to go to the entity itself and view/assign the roles. I&#39;m wondering if that&#39;s even possible since security roles in Rock are really just groups, and groups don&#39;t have that kind of functionality that I can see.</p>

<p>Hopefully someone with actual knowledge of the architecture will jump in with the skinny on this subject!</p>

Save Cancel

Jon Edmiston

10 years ago

To capture the idea go ahead and enter it into the 'black book'.

Question

0

Modifying Security Roles

1