Best practice forum (Archived)

Log in as capability with limitations?

 
John Unnever
Log in as capability with limitations?
par John Unnever, Thursday 19 January 2017, 14:56
Groupe Partners
We are currently on Totara version 2.9.6.1. We are trying to develop a role that will provide an admin with access to "Log in as" another user for the purpose of completing a document on their behalf but we do not want them to have the ability to change any of the user profile. 
 
We have allowed the following capabilities:
 
User: Edit User Profile
         View User Full Information
Course: View Reports
            See User Full Identity in Lists
            Login as Other Users
            View User Profiles
 
The capabilities listed above do not allow for the search of another user account. We have tried several different capabilities and nothing is working the way we would like it to. Can anyone help us locate a capability in Totara that will give an administrator user search abilities but not update a user profile? 
Craig Eves
Re: Log in as capability with limitations?
par Craig Eves (Totara Support), Thursday 19 January 2017, 16:11
Groupe Totara

Hi John

If you look at the Site manager role there are some permissions Edit user profile - this capability can only be applied in a system context. I prevented this and applied to user in system context.

I did do this but when I logged in as a user I was able to edit the users profile.  I think what happens when you login as the user you receive all of the permissions of that user so if the user has Edit own profile allowed then this allows the profile to be edited. So to achieve this the authenticated user would need Edit own profile prevented which may not be suitable.

Another possibility when using login as , depending on how accounts are created is to lock user fields so they can't be changed by the user under Plugins > Authentication > Manual accounts.

regards

John Unnever
Re: Log in as capability with limitations?
par John Unnever, Monday 23 January 2017, 12:06
Groupe Partners

What permission allows for an admin to search for users under Site Administration > Users > Browse list of users?

Craig Eves
Re: Log in as capability with limitations?
par Craig Eves (Totara Support), Monday 23 January 2017, 14:59
Groupe Totara

Hi John

Sorry I can't find a permission specifically for searching fro users - not every menu action has a permission. I would expect the user search permission should be under the System heading below but can't see this listed.

user system permissions

regards