Changes for page Admin Visibility Rules

Last modified by karimpirani on 2014/07/03 15:48
From version Icon 2.1 Icon
edited by sghareeb
on 2014/06/24 19:40
Change comment: There is no comment for this version
To version Icon 3.1
edited by karimpirani
on 2014/07/03 15:48
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.sghareeb
1 +XWiki.karimpirani
Content
... ... @@ -1,10 +1,8 @@
1 -Super Users, Domain Administrators and Organizational Unit Administrators all have different levels of visibility as to what they can do in the Admin Console.
1 +Super Users, Domain Administrators and Organizational Unit Administrators all have different levels of visibility and authority as to what they can do in the Admin Console. This page outlines those rules.
2 2  
3 -This page outlines those rules.
4 -
5 5  
6 6  
7 -= Super Users =
5 +==== Super Users ====
8 8  
9 9  Super users are unconstrained users. They can see and do everything in the system.
10 10  
... ... @@ -18,25 +18,25 @@
18 18  
19 19  
20 20  
21 -= Administrators =
19 +==== Administrators ====
22 22  
23 23  Administrators are users who have access to at least one administration screen. There are two administrative levels: domain and organizational unit.
24 24  
25 25  
26 26  
27 -=== Domain Administrator ===
25 +==== Domain Administrator ====
28 28  
29 29  A domain administrator is governed by the permission DOMAIN_ADMINISTRATOR. Domain administrators will always see **all data** on any screen for which they have access.
30 30  
31 31  
32 32  
33 -=== Organizational Unit (OU) Administrator ===
31 +==== Organizational Unit (OU) Administrator ====
34 34  
35 35  An OU administrator is governed by the permission OU_ADMINISTRATOR. OU admins will only see data for the OUs (and all child OUs) for which they are **responsible**.
36 36  
37 37  
38 38  
39 -= Order of Precedence =
37 +==== Order of Precedence ====
40 40  
41 41  All users will be shown the greatest amount of data granted to them. A user can have as many of the admin permissions granted to them but the order of precedence is:
42 42  
... ... @@ -44,19 +44,19 @@
44 44  
45 45  
46 46  
47 -= Data Visibility in Modules =
45 +==== Data Visibility in Modules ====
48 48  
49 49  Here is the rule for data filtering on screens for each permission. Only the screen:sections below have specific rules regarding data visibility across the permission sets.
50 50  
51 51  
52 52  
53 -=== Admin Module ===
51 +==== Admin Module ====
54 54  
55 55  The main idea behind these filters is that users are only allowed to modify users/relationships below their level. (e.g. Domain admins cannot modify each other). Also, OU admins are bound to whatever OUs for which they are responsible.
56 56  
57 57  
58 58  
59 -=== **//The simple rule is//**: You cannot modify yourself, any of your roles, your responsibilities, or any users/roles at or above your level. ===
57 +__**The simple rule is**__: You //cannot //modify yourself, any of your roles, your responsibilities, or any users/roles at or above your level.
60 60  
61 61  
62 62