...
Requirement | User Story | Importance | Jira Issue | Notes | |||||||
---|---|---|---|---|---|---|---|---|---|---|---|
1 | New System Role - System Manager (lower level admin) Default Permissions / Section Access
|
| |||||||||
2 | New System Role - User Manager
|
| |||||||||
3 | New System Role - Read Only Admin
|
|
|
|
| ||||||
4 | No System Role (apart from System Admin) should have access to edit system roles |
| |||||||||
5 | Every change made by any admin needs to be included in the audit log |
| |||||||||
6 | Chat-facing experience should not be impacted for any users assigned a system role other than System Admin. These Admin roles should have the same permissions as members on chat side (unless they are also team/channel admins - in which case, the higher scoped permissions apply. e.g. System Manager or User Manager should not be able to
|
| |||||||||
7 | Each admin role can be measured per server for usage analysis |
|
Requirements: Phase II (Editable Privileges using mmctl)
Requirement | User Story | Importance | Jira Issue | Notes | |||||||
---|---|---|---|---|---|---|---|---|---|---|---|
1 | Each of the permissions / section access can be granted or removed from a system role (all users with that role have the same access) |
| |||||||||
2 | Obscure All Stored Credentials Example: Global Relay |
| |||||||||
3 | No privilege should be capable of elevating anyone to system admin or impersonating system admin. Examples:
|
| |||||||||
4 | No privilege should be capable of deactivating or demoting another admin. Examples:
|
| |||||||||
5 | No system role can join private channels without being invited. This includes auto-joining private channels via permalink |
| |||||||||
6 | Telemetry added to track changes to default admin roles:
|
Requirements: Phase III (Manage Roles & Privileges via System Console)
...