Admin Users question 1.5.0 RC2
Playing around with the Profiles and Users; want to have a user below Superuser who can add other users (for example, a sales dept manager who could give salespersons access) and to do that, this user would need access to Admin Users...where they can see not only themselves and users below them, but also the Superusers...and are able to edit/delete them!
Have I done something wrong or is this a flaw in the plan?
The JSWeb Team
PCI Compliant Host Provider (UK/IRELAND) - ZenCart Specialists
Re: Admin Users question 1.5.0 RC2
LOL. In previous versions of Zen Cart, all users had access to all functions, including creating and deleting other users. Now that this functionality can be restricted to trusted users, you're worried that they might abuse it!
In large organisations security over user access rights is normally controlled very tightly and usually backed by paper audit trails and sign-off procedures. I've seen organisations with thousands of employees where this role is shared amongst just three people (and then only three in case one walks under a bus while another's on holiday).
Clearly that's overkill, even for a fairly large Zen Cart store. But the principle that creating accounts and profiles is a key aspect of security is still valid and if it's going to be delegated, it should only be delegated to people who can be trusted not to abuse the privilege, rather than for administrative convenience.
By rebusB in forum General Questions
Last Post: 21 Nov 2011, 04:24 AM
By Brickoneer in forum General Questions
Last Post: 9 Mar 2008, 06:13 PM
By psxboy500 in forum General Questions
Last Post: 28 Feb 2008, 06:19 PM
By jaxbakers in forum Managing Customers and Orders
Last Post: 15 Apr 2007, 01:19 PM
Content and Graphics Copyright (c) 2003 - 2013 Zen Ventures, LLC - all rights reserved
Zen Cart® is a Registered Trademark of Zen Ventures, LLC