dtarb
commented
9 years ago I agree with taking it out. Following are my thoughts
- we want to minimize admin interventions
- when there has been an admin intervention it should be transparent and justifiable
- If a user screws up on some sharing an admin can still go in and fix it. If the desired fix is for the user to have undoing capability the fix the admin should implement is to undo the mistakes the user made (that get logged as admin actions) and provide the user instructions for how to do it right (an important user education role) so the user can then take the action they originally wanted to take and if they get it right then they will retain undo capability (should the need it).
alvacouch
I implemented a limited ability for the administrative users to scam the system and act "as" other users. So, an admin user could execute "As X share Y with Z" and it would be indistinguishable from X sharing Y with Z. The use case for this is that if a user hopelessly screws up his or her sharing, an admin user could "become them" and straighten it out.
I am thinking of removing this capability:
The impact of taking the feature out is that if an administrator straightens out sharing for a user, that user would not have the normal privilege of undoing that sharing. Only the administrator could undo it. The reason for this is that the "undo" capability is built on top of the transaction log, which uses the current user id as the perpetrating user. That user -- in this case -- would be the administrator.