dappros / ethora

A 'super app' engine for your project. React Native (iOS, Android) and React.js (Web, desktop). Social Sign In 🄵, Messaging 💬 (chat, voice, push notifications), Web3 Wallet 🪪 (profile QR, documents, coins, NFT), DLT 🔐 (provenance, crypto signing), Gamification 🤩, Social Commerce and more.
https://ethora.com/
GNU Affero General Public License v3.0

Backend - SuperAdmin ACL #521

Closed phwizard closed 7 months ago

phwizard commented 8 months ago

Please extend the ACL functionality with the ability to assign Update and Admin rights to certain 'super users', or server admins. Once such rights are assigned, they will work for all Apps in the current DP Server, even those not created yet.

This is needed, for example, to access Statistics of all Apps by super users, to carry out technical support tasks, etc., where the server support team needs to access all Apps data.

In most cases they only need read-only access, but for some of the server support team they might need Update, Delete and Admin privileges too.

This could be implemented either by:

a) adding another ACL table for super user / wildcard / server-level privileges, similar to the current table for App-level ACLs

b) creating a special "SuperApp" or "AllApps" App entity which won't be a real app; it will only be visible to a SuperAdmin who has Admin rights to it and can assign other Users with ACL to it. Any User who has ACL access to this special "AllApps" entity automatically has the same level of ACL access to any other Apps in the server (unless they have a higher ACL access to any specific App, in which case that takes precedence).

phwizard commented 8 months ago

Then add an isSuperAdmin field to the user, and in all the methods where we check ACL, also check for the presence of this field? If it is present, then grant access regardless of ACL?

That works too, but then we need:

isSuperAdminReadOnly - Read access to everything in the server (all Apps, Users etc)

isSuperAdmin - Read, Update and Admin access to everything in the server

and if you are a SuperAdmin, you should be able to assign such privileges to other users through the ACL interface.
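An added sketch, not Ethora's own code, of the access resolution discussed in the two comments above: a server-level grant applies to every App (including ones not created yet), the higher of the server-level and App-level grant wins, and only a SuperAdmin may assign server-level rights. All names (`LEVELS`, `effectiveLevel`, `can`, `grantServerLevel`), the ordered read < update < admin levels, and the sample data are assumptions.

```javascript
// Hypothetical ordered privilege levels (assumption: each level includes the lower ones).
const LEVELS = { none: 0, read: 1, update: 2, admin: 3 };

// Constructed sample data, not taken from the project.
const appAcl = new Map([        // per-App ACL: "userId:appId" -> level
  ['alice:app1', 'admin'],
  ['bob:app1', 'read'],
]);
const serverAcl = new Map([     // server-level ("AllApps") ACL: userId -> level
  ['root', 'admin'],            // corresponds to isSuperAdmin
  ['support', 'read'],          // corresponds to isSuperAdminReadOnly
  ['bob', 'update'],
]);

const rank = (level) => LEVELS[level] ?? 0; // missing entry means no access

// The higher of the App-specific and server-level grants takes precedence.
function effectiveLevel(userId, appId) {
  return Math.max(rank(appAcl.get(`${userId}:${appId}`)),
                  rank(serverAcl.get(userId)));
}

// Deny by default: unknown actions and users without any grant get false.
function can(userId, appId, action) {
  if (!Object.prototype.hasOwnProperty.call(LEVELS, action)) return false;
  const required = LEVELS[action];
  return required > 0 && effectiveLevel(userId, appId) >= required;
}

// Only a server-level admin may hand out server-level rights, so a
// read-only super user cannot promote themselves or anyone else.
function grantServerLevel(actorId, targetId, level) {
  if (!Object.prototype.hasOwnProperty.call(LEVELS, level)) {
    throw new Error(`unknown level: ${level}`);
  }
  if (rank(serverAcl.get(actorId)) < LEVELS.admin) {
    throw new Error('only a SuperAdmin may assign server-level rights');
  }
  serverAcl.set(targetId, level);
}
```

Because the server-level grant is evaluated at check time rather than copied into each App's ACL, revoking it removes access to all Apps at once.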

dzinzyura commented 7 months ago

done. thank you @transkarpation !