[#5079] Can we put an ACL on the CB - Tools menu?

Hi,

There are 2 CB places where I don't want my administrators. It is the Plugin and the Tools section. The Plugin has an own ACL (it only doesn't remove from the dropdown menu). But I cannot find a ACL button for the Tools menu. Is that correct and maybe something for the next release?

Kind regards,
Nico

The Tools access uses the "Configure" permission found within CB > Configuration > Permissions.

Yes, I know but I cannot use that one because when I do it over there my Administrators/Managers can do almost nothing in CB anymore. My admins do they own configuration. Create new fields, tabs or lists whenever they want it. But I want to prevent that they can accidentally make a mess of the environment by using the tools (and plugin) section. Load example data and Canvas is something only a Super Admin or Developer should be able to do once or twice. Beside that I don't want to confuse them with submenu's where they never should have to do something.

That permission is only checked on the Configuration and Tools view. The other locations use their location specific permissions. For example plugin management permissions handle plugin tasks, which are configured in CB > Plugin Management > Permissions. You need to be more specific as to exactly what they can't do when using that permission so I can check the permission check.

If I deny access on that configuration level, the Administrators for who I have build the site cannot change important CB configuration settings that have to be changed over time. For example the content of the registration process mails and text fields. But also if they want to use moderators or other things in the future. They should not have to call a Super Admin for that. It is just content changing and putting options on or off, which will not harm the integrity of the system.

Maybe loading example data on a full production environment or canvas layout and synchronize and check database issues is not such a big thread as I thought, but I just don't understand why that should stay there for Managers and Administrators who will never have to use that and can only get confuse of it.

But for example, see attachment. My administrators will just click on the red button, only with the best intentions. But also without first understanding the impact and without making a DB backup and without informing me, even in the case it went wrong short after the click :blush:




But it's not that important as I can hack it out of the menu by some core code change. I only don't understand it and thought it was a forgotten issue.

We've already adjusted this permission at request as a user wanted admins to be able to use Synchronize Users. If we change the permission at this time in release it's going to break existing permissions. So changing it really isn't an option now. However, we could add new permissions for the individual Tools themselves. This way you could for example allow them to use Synchronize Users, but nothing else; would that work for you?