SuperUser permission seems too broad #16855

Closed
eenblam opened this issue Dec 1, 2020 · 2 comments
Labels
duplicate For issues that already existed in our issue tracker and were reported previously.

Comments


eenblam commented Dec 1, 2020

Hi there - thanks for working on Matomo!

Is it possible to provide users with more specific permissions, like "add a website," without giving them the SuperUser ability to hit that shiny "NEW UPDATE: MATOMO X.Y.Z" button? For example, a web dev team might want to launch a website and add it to Matomo, but they should never need to kick off a database migration.

(This is especially unfortunate if they mistakenly clicked the button, triggered a database migration to 4.0.0, but you run Matomo in Docker, and at the time there was no 4.0.0 image to match the database you were upgraded to.)

We consulted FAQ #140, "How do I prevent Super Users from doing specific high risks administrative actions?", but enable_general_settings_admin doesn't quite handle this. It hides the update settings from the admin UI, but it doesn't prevent the shiny update button at the top of the screen.

Is this currently possible? (We rolled back our database to 3.x as best we could, so maybe it's new in 4.x already and we just can't see it?) Thanks!

tsteur added the duplicate label Dec 2, 2020
Member

tsteur commented Dec 2, 2020

Hi @eenblam thanks for creating this issue.

You could set the config [General]enable_auto_update=0. This way only a manual update will work (and after updating files manually you need to run the ./console core:update command). If you still wanted to do the update as a super user then you could temporarily set the setting to 1.

I'll close this issue otherwise as a duplicate of #6660 and #1568

tsteur closed this as completed Dec 2, 2020
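
A way to check a deployment for the setting suggested above, as an added example that is not part of the original thread or Matomo's own code: it parses the `[General]` section of a `config.ini.php` and reports when `enable_auto_update` or `enable_general_settings_admin` is not 0. The two sample configs are constructed, and treating an absent key as 1 is an assumption of this example.

```python
import configparser

# Assumption of this example: a key missing from config.ini.php counts as enabled (1).
ASSUMED_DEFAULTS = {"enable_auto_update": "1", "enable_general_settings_admin": "1"}

# Constructed sample: only the FAQ #140 setting is applied.
BEFORE = """; <?php exit; ?> DO NOT REMOVE THIS LINE
[database]
host = "db"

[General]
trusted_hosts[] = "analytics.example.org"
trusted_hosts[] = "stats.example.org"
enable_general_settings_admin = 0
"""

# Constructed sample: the setting from the maintainer's reply is added.
AFTER = BEFORE + "enable_auto_update = 0\n"


def load_general(ini_text):
    """Return the [General] section of a Matomo-style INI file as a dict."""
    parser = configparser.ConfigParser(
        strict=False,        # array keys such as trusted_hosts[] repeat
        interpolation=None,  # values may contain a literal '%'
    )
    parser.read_string(ini_text)
    if not parser.has_section("General"):
        return {}
    return {key: value.strip().strip("\"'") for key, value in parser.items("General")}


def audit(ini_text):
    """List the update-related settings that still expose the in-app update path."""
    general = {**ASSUMED_DEFAULTS, **load_general(ini_text)}
    findings = []
    if general["enable_auto_update"] != "0":
        findings.append("enable_auto_update is not 0: updates can be started from the UI")
    if general["enable_general_settings_admin"] != "0":
        findings.append("enable_general_settings_admin is not 0: update settings are visible in the admin UI")
    return findings


if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(text) or "ok")
```
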
Author

eenblam commented Dec 4, 2020

@tsteur Thanks, we'll give it a shot
