On Friday, June 20, 2014 11:59:26 AM UTC-7, KateYoak wrote: > > I ran into a similar thing with BlackMagic plugin - the one that lets you > have field-level permissions. Wanted to grant access to financial fields to > the finance folk - but not the whole company. I am pondering whether it's > a good idea to just add a feature to trac to create a group of permissions > which are not available to TRAC_ADMIN >
TRAC_ADMIN is like root on a Linux machine, so it doesn't make sense to restrict global TRAC_ADMIN from performing actions. If you were on a Linux machine and you wanted to give users some, but not all, superuser privileges you would use sudo/sudoers file. Similarly, TracFineGrainedPermissions are the mechanism you can use to grant TRAC_ADMIN for specific resources. It accomplishes the same thing you wish to accomplish by having a set of permissions not available to TRAC_ADMIN. The approach is different though in that you need to start thinking about which resources you want to allow a user to perform TRAC_ADMIN on. Some plugins may need modifications to properly support TracFineGrainedPermissions, for example: http://trac-hacks.org/ticket/11826 If you have trouble implementing it, just reply here with your configuration details and we can work through it. -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to trac-users+unsubscr...@googlegroups.com. To post to this group, send email to trac-users@googlegroups.com. Visit this group at http://groups.google.com/group/trac-users. For more options, visit https://groups.google.com/d/optout.