I've made a piwik setup for multiple website accounts, and intergrated it in my CMS system. Also the admin-users are 'added' from my CMS.
When I go to the piwik UsersManager page with admin level permission, I see a list with all the admin accounts from the other websites.
The only connection of these admins to each other is that they are related to me, nothing else, and I would not like to give a clientlist to all my clients ..
I've found an old ticket/request, but still no solution.
I would suggest that this setting could be managed in the config.ini, or as a config databasesetting.
If admin level, dont't show UsersManager.
only show admins already connected to that webaccount.
Keywords: UsersManager admin
Thanks for the suggestion!
What was the other ticket you found?
See also slightly related #1568
I think this ticket (3 years old) would describe the same problem
#1568 describes a more advanced role system.
Role systems are great, but people are lazy and settings can become complex (why grant admin this option, and not this option - people have to think to much, and mainly use default settings...). And technically it is a lot of development and extra maintenance.
I think the solution for multi website installs can be more simple, by grouping the admin users to an account.
Think of multiple fishponds with groups of fishes, and still be able connect some ponds together...
This way you have the benefits of adding admins, grant admins acces to other accounts etc, like now.
If an admin (A) is connected to site A, and also to site C, D, E every new user /admin added in A,C,D etc will have the same options within this usergroep, because they are related to each other.
But, when admin (B) is not grouped into site A, he will only see users of his own site B.
Only a superadmin can grant admin (B) acces to the group of admin (A) I think with only a extra field like groupid in the acces table, and some adjustments in the code, you can achieve this..
I hope I explain my idea correctly
I think we could add a new config setting to accommodate this use case. Please comment here if you are experiencing this issue!
We are experiencing the issue. We have more than 200 users in our piwik installation. Some of our users wanted to create and manage goals. We had to grant them admin privileges on their user account for their own website. The problem is that they can see all other users created in piwik installation. Is there any workaround?
For me, especially what carlocarma described is a problem. I want my users to setup goals but they should not see the other stuff, an admin can see.
Also +1 we also experiencing this problem. Have checked the config for an option but still not in it.
A bit of a shame if you ask me that this feature is lacking.
I also experiencing the problem with piwik. I want that my users to make setup goals but they shouldn`t see the other users. How can i resolve my problem?
another request for this feature from email:
Why does an user with 'admin' privileges see all users on a Piwik instance - including one with 'super admin' privileges?
It would be more appropriate that the (site) 'admin' user in Piwik could add extra users only for his website and grant them required permissions ('view' or 'admin').
At the moment we can have multiple websites tracked inside one Piwik instance. Let's say for example we have three (3) of them.
We have one user which is Piwik administrator, so we assign him a 'super user' role.
Each site has for example two (2) web analyst. If we don't want to bother a Piwik administrator with management of users with 'view' permissions for every site, we need a user with 'admin' privileges for every site we track inside one Piwik instance .
So far, so good ... we can do that and set up three different user accouns with 'admin' role - one for every website.
The problem is, that every user with 'admin' privileges sees all users which are configured inside one Piwik instance - including one with 'super admin' privileges.
And that is not ok. We need more "granular" privilege system which would allow a 'site admin' to manage only users for his website on his own - without interfering with users of other website inside the same Piwik instance.
adminpermission on one or more website, I want to assign
adminpermission to another existing user in Piwik. Clicking on Administration > Users > Manage access, for the website I have
adminpermission, users with some
adminaccess are listed (Super Users and users without access are not listed).
Invite a user to view reports for $websiteName
username or emailis displayed and focused. I can type a username and click "Invite" or so.
User was not found in this Piwik server. You may try again to invite someone using their username or email address.
viewpermission to the website (or
All websitesif it was selected in selector).
adminI can then simply click the admin button.
adminuser requests API -> will only return
adminusers for the given website.
viewuser requests API or for
anonymoususer -> should not list any other users
what do you think?
This issue can lead to sensitive data leak (usernames), which is not expected as a Piwik user, because we aim to live to high standards of privacy and engineer products in this way
Moved into 2.15.1 :+1:
when a view user requests API or for anonymous user -> should not list any other users
Should return maybe the own user ?
when a admin user requests API -> will only return view and admin users for the given website.
There is often no website given. Possibly we should check for which websites the user has admin access, and return all users that have view or admin access for these websites