aarontitus
commented
11 years ago From andy.n.g...@gmail.com on February 17, 2013 04:36:36 Implemented
in /admin, click Create Local Admin
Test
Open aarontitus opened 11 years ago
aarontitus
commented
11 years ago From andy.n.g...@gmail.com on February 17, 2013 04:36:36 Implemented
in /admin, click Create Local Admin
Test
aarontitus
commented
11 years ago From v...@aarontitus.net on February 18, 2013 17:39:07 Yes, I see the implementation. However, I think there is probably a better way to implement this. I'd like your thoughts:
Step 1: Global Admin chooses the Incident. Step 2: Editable password appears. Step 3: List of all contacts associated with Organizations participating in that Incident appear (hmm... that seems like a double join...), each with a checkbox. Step 4: Global Admin selects one or more contacts. On save, new contacts receive an email. Note: Identifying contacts as the Local Admin is technically just an act of good record keeping, and not authentication or access control. Un-checking a contact does not revoke access, since that person still has the Local Admin password. In order to revoke access, a person should be un-checked, and the password should be changed and then shared with the remaining Local Admins.
aarontitus
commented
11 years ago From andy.n.g...@gmail.com on February 23, 2013 07:31:05 I agree that this is better, but it will take some time before we come back around to fully implementing this.
aarontitus
commented
11 years ago From v...@aarontitus.net on February 25, 2013 02:54:27 OK. Marked to "Medium" in the interim.
Original author: v...@aarontitus.net (January 19, 2013 19:27:58)
The administrator will have various roles and responsibilities, including the responsibility to give access to some organizations active in disaster recovery. In addition to the system administrator, there should be a local administrator to whom the system administrator can delegate the authority to approve local organizations. The local administrator should have access to only one incident at a time, but will be in a much better position to determine whether an organization is legitimate/reputable/active locally.
Original issue: http://code.google.com/p/sandy-disaster-recovery/issues/detail?id=159