EdWeb Admin User

Background

Drupal as the idea of an all powerful "admin" user (or user=1). In a vanilla install, you can login as literally "admin" and have full control/access to the site.

EdWeb comes with various default roles, one of which is "system administrator", but this is purely in regards to administering the EdWeb side of things. A user with the "system administrator" role does not have full access to the Drupal side of things.

There are some things we want to do as "admin", and if the site isn't Cosigned/EASEd, then you can literally login in with the "admin" username and password, but once a site is Cosigned/EASEd, then you can only ever login as your UUN.

One big "no no" from the EdWeb developers, is to ever create/edit content as the "admin" user (or "admin like"). Being admin skips various hooks that are used in the EdWeb system.

Our solution

First give the existing EdWeb role "system administrator" a couple of extra permissions:

drush role-add-perm "system administrator" "administer permissions"
drush role-add-perm "system administrator" "administer users"

Then created the "admin user" role:

drush role-create 'admin user'

Then via the Drupal interface give that role virtually all the available permissions by ticking all the permissions on:

https://web.inf.ed.ac.uk/admin/people/permissions/15

(where "15" is the "admin user" role), apart from the "bypass ..." permissions, which we left unset.

Now to become an "admin like" user temporarily, a person with the "system administrator" role can edit their own profile (via the web) and add or remove the "admin user" role.

Or via drush with:

drush user-add-role "admin user" UUN
drush user-remove-role "admin user" UUN
# check with
drush user-information UUN

The same warning applies about not editing or creating content while you have the "admin user" role.

To do

At some point we should look at some obvious visual clue that you have the "admin user" role to avoid people accidentally editing things as admin.

Off the top of my head, perhaps a block that only appears if you have that role.

As the EdWeb distribution develops, new permissions are likely to be added, and so every so often it is an idea to check and update the permissions that the "admin user" role has.

-- NeilBrown - 20 Jul 2018

Topic revision: r1 - 20 Jul 2018 - 11:45:31 - NeilBrown
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies