On Friday, June 20, 2014 11:59:26 AM UTC-7, KateYoak wrote: > > I ran into a similar thing with BlackMagic plugin - the one that lets you > have field-level permissions. Wanted to grant access to financial fields to > the finance folk - but not the whole company. I am pondering whether it's > a good idea to just add a feature to trac to create a group of permissions > which are not available to TRAC_ADMIN >
TRAC_ADMIN is like root on a Linux machine, so it doesn't make sense to restrict global TRAC_ADMIN from performing actions. If you were on a Linux machine and you wanted to give users some, but not all, superuser privileges you would use sudo/sudoers file. Similarly, TracFineGrainedPermissions are the mechanism you can use to grant TRAC_ADMIN for specific resources. It accomplishes the same thing you wish to accomplish by having a set of permissions not available to TRAC_ADMIN. The approach is different though in that you need to start thinking about which resources you want to allow a user to perform TRAC_ADMIN on. Some plugins may need modifications to properly support TracFineGrainedPermissions, for example: http://trac-hacks.org/ticket/11826 If you have trouble implementing it, just reply here with your configuration details and we can work through it. -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/trac-users. For more options, visit https://groups.google.com/d/optout.
