Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
icon5.gif   admin user access admin page, not config page, posted by Szu-Ching Peckner on Tue Sep 18 17:57:47 2012 
    icon2.gif   Re: admin user access admin page, not config page, posted by Garret Delaronde on Fri May 10 17:37:24 2013 
Message ID: 67500     Entry time: Fri May 10 17:37:24 2013     In reply to: 67342
Icon: Reply  Author: Garret Delaronde  Author Email: garret.delaronde@gmail.com 
Category: Question  OS: Linux  ELOG Version: latest 
Subject: Re: admin user access admin page, not config page 

Szu-Ching Peckner wrote:

 We have multiple logbooks. Each user is admin user for his/her own logbook. 

I want user be able to modify config file, but no access to user setting, such as see user list, change password, new user, remove user. 

[logbook1]
Admin user = user1
Login user = user1, user2
Allow Config = user1
List Menu commands = Admin, Config

user1 click on Admin, it opens config file, when user1 click on save, user1 is brought to Config page, which has select user list on top, Change password, Remove user, New user buttons on bottom. Is there a way that admin user has access to config file, but no access to user info at all (not even presented to them).  Is there a way after user1 click save, page doesn't go to that config page?

I could put 
Deny Change password =
Deny Remove user
Deny New user

so when user1 click on those buttons, user1 will get command not allowed. However I would rather have user1 not even see that page. 

 

 

 If they have admin rights, the add user button cannot be removed as far as I know.

But even if they can add a user, they only have ability to add a user to the single logbook they are an admin on so they wouldn't be able to add users to other peoples logbooks.

Not sure it helps but that's about all I can really speak to.

ELOG V3.1.5-fe60aaf