@eenblam opened this Issue on December 1st 2020

Hi there - thanks for working on Matomo!

Is it possible to provide users with more specific permissions, like "add a website," without giving them the SuperUser ability to hit that shiny "NEW UPDATE: MATOMO X.Y.Z" button? For example, a web dev team might want to launch a website and add it to Matomo, but they should never need to kick off a database migration.

(This is especially unfortunate if they mistakenly clicked the button, triggered a database migration to 4.0.0, but you run Matomo in Docker, and at the time there was no 4.0.0 image to match the database you were upgraded to.)

We consulted FAQ #140, "How do I prevent Super Users from doing specific high risks administrative actions?", but enable_general_settings_admin doesn't quite handle this. It hides the update settings from the admin UI, but it doesn't prevent the shiny update button at the top of the screen.

Is this currently possible? (We rolled back our database to 3.x as best we could, so maybe it's new in 4.x already and we just can't see it?) Thanks!

@tsteur commented on December 2nd 2020 Member

Hi @eenblam thanks for creating this issue.

you could set the config [General]enable_auto_update=0. This way only a manual update will work (and after updating files manually you need to run ./console core:update command). If you still wanted to do the update as a super user then you could temporarily set the setting to 1.

I'll close this issue otherwise as a duplicate of https://github.com/matomo-org/matomo/issues/6660 and https://github.com/matomo-org/matomo/issues/1568

@eenblam commented on December 4th 2020

@tsteur Thanks, we'll give it a shot

This Issue was closed on December 2nd 2020
Powered by GitHub Issue Mirror