User and group management for "non-admins"

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Active Member

User and group management for "non-admins"

Hello,

We would like to provide certain users access to the "Users and groups" interfaces in "Admin Tools" in Share without granting them access the other tools, like Search Manager, Category Manager, Replication jobs... So, they should have access without being administrators.

Is there an easy way to achieve this? Or should we rather go for a custom development? I have also looked for add-ons, but I haven't found one suiting our needs. What would you suggest?

Thanks a lot in advance,

Philippe

2 Replies
Highlighted
Master

Re: User and group management for "non-admins"

There is no easy way to do this. The root problem is that there are no separate permissions / privileges just for user/group management, so you'd have to give users full admin access to use the existing tools. Custom development is required to provide limited access to admin functionality and secure that with some custom privileges you add to the system.

Highlighted
Professional

Re: User and group management for "non-admins"

Any time I see this requirement my first question is this: Is Alfresco the only system in your organization that needs this? I suspect there are others with a similar need. Rather than develop something one-off for Alfresco and then repeat that work for other systems that need to delegate group administration, you might consider using a system purpose-built for this: LDAP.

For example, you could install OpenLDAP and then use an existing management front-end, like PHP LDAP Admin to give users across the organization a way to administer groups. That's just an example, there may be others, or you could develop your own. If you were willing to develop your own solution for Alfresco group management, why not do it in a more generic way that can be leveraged enterprise-wide.

Then, of course, Alfresco needs to be configured to authenticate against LDAP and sync users and groups, but that is trivial.