[Deploying Sakai] create limited admin workspace, limit admin functionality
Matthew Jones
matthew at longsight.com
Sun May 25 06:06:22 PDT 2014
Cool, I'd forgotten about about admin lite. Looks like what it provides is
completely reworked sites and realms tools that are more restrictive. The
problem with the tools in the admin workspace is that they check for the
specific "SecurityService.isSuperUser" permission because they don't
restrict, for instance, an non admin from being able to add themselves to
admin workspace. (Thus becoming admin)
There were some other tools like SakaiAdminX (
https://confluence.sakaiproject.org/display/ADMX/Home) which still might
work, and used webservices rather than internal api's to allow creation and
modification of site and other information. Using something like this or
REST (/direct) API's, for a new or modified sites tool (adminlite) does
seem like a way to go.
For general permission elevation in other course sites, generally delegated
access is used, but I don't think this would work for the tools that have
explicit isSuperUser checks.
On Sat, May 24, 2014 at 11:12 AM, Kurosch Petzold <
kurosch.petzold at fu-berlin.de> wrote:
> Hello,
>
> is there a way to create limited permission admin roles or create a second
> admin workspace with limited number of tools.
> If neither of them works, could anyone who has/had this problem at their
> institution/university/company explain to me how they solved it (if there
> is a solution to it at all).
>
> Or to get more to the fact of the actual problem is there a way to use
> sakai.sites without su?
>
> Best regards,
> Kurosch Petzold
>
> _______________________________________________
> production mailing list
> production at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/production
>
> TO UNSUBSCRIBE: send email to
> production-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
On Sun, May 25, 2014 at 6:54 AM, Steve Swinsburg
<steve.swinsburg at gmail.com>wrote:
> Hi,
>
> Sounds like you might need the Admin Lite functionality. Have a look here:
> https://jira.sakaiproject.org/browse/UMICH-232
> https://source.sakaiproject.org/contrib/umich/adminlite/
>
> cheers,
> Steve
>
>
> On Sun, May 25, 2014 at 1:12 AM, Kurosch Petzold <
> kurosch.petzold at fu-berlin.de> wrote:
>
>> Hello,
>>
>> is there a way to create limited permission admin roles or create a second
>> admin workspace with limited number of tools.
>> If neither of them works, could anyone who has/had this problem at their
>> institution/university/company explain to me how they solved it (if there
>> is a solution to it at all).
>>
>> Or to get more to the fact of the actual problem is there a way to use
>> sakai.sites without su?
>>
>> Best regards,
>> Kurosch Petzold
>>
>> _______________________________________________
>> production mailing list
>> production at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/production
>>
>> TO UNSUBSCRIBE: send email to
>> production-unsubscribe at collab.sakaiproject.org with a subject of
>> "unsubscribe"
>>
>
>
> _______________________________________________
> production mailing list
> production at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/production
>
> TO UNSUBSCRIBE: send email to
> production-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/production/attachments/20140525/6ad29824/attachment.html
More information about the production
mailing list