...

Requirement | User Story | Importance | Jira Issue | Notes

1

New System Role - System Manager (lower level admin)

Default Permissions / Section Access

  • Edition & License - Read Only

  • Reporting - Read Only

  • User Management - Can Edit

    • Read Only Permissions

  • Environment - Can Edit

  • Site Configuration - Can Edit

  • Authentication - Read Only

  • Plugins - Read Only

  • Integrations - Can Edit

  • Compliance - No Access

  • Experimental - No Access

Importance: HIGH

2

New System Role - User Manager

  • Edition & License - No Access

  • Reporting - No Access

  • User Management - Can Edit

    • Read Only Permissions

  • Environment - No Access

  • Site Configuration - No Access

  • Authentication - Read Only

  • Plugins - No Access

  • Integrations - No Access

  • Compliance - No Access

  • Experimental - No Access

Importance: HIGH

3

New System Role - Read Only Admin

  • Read only access to system console

  • No Access to Compliance

 

 

Importance: low

4

No System Role (apart from System Admin) should have access to edit system roles

Importance: HIGH

5

Every change made by any admin needs to be included in the audit log

Importance: HIGH

6

The chat-facing experience should not be impacted for any users assigned a system role other than System Admin. These admin roles should have the same permissions as members on the chat side (unless they are also team/channel admins, in which case the higher scoped permissions apply).

e.g. System Manager or User Manager should not be able to:

  • Convert a private team to public (new permission only for System Admin)

  • View email addresses of members if not globally allowed

  • Edit/delete others' posts if not globally allowed

Importance: medium

7

Each admin role can be measured per server for usage analysis

Importance: medium

Requirements: Phase II (Editable Privileges using mmctl)

Requirement | User Story | Importance | Jira Issue | Notes

1

Each of the permissions / section access levels can be granted to or removed from a system role (all users with that role have the same access)

Importance: HIGH

2

Obscure All Stored Credentials

Example: Global Relay

Importance: Medium

3

No privilege should be capable of elevating anyone to system admin or impersonating system admin.

Examples:

  • Reset admin passwords

  • Change admin email addresses

  • Modify SAML/LDAP Admin filter

  • Installing an unsigned plugin

Importance: HIGH

4

No privilege should be capable of deactivating or demoting another admin.

Examples:

  • Modify SAML/LDAP guest/user filters

Importance: Medium

5

No system role can join private channels without being invited. This includes auto-joining private channels via permalink.

Importance: Medium

6

Telemetry added to track changes to default admin roles:

  • Total count of roles not using default privileges
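
The default section access from Phase I requirements 1 and 2, together with the Phase II count of roles not using default privileges, modeled as an added Go example (not Mattermost or mmctl code). The type and function names are hypothetical, and treating the nested "Read Only Permissions" bullet as a separate "User Management/Permissions" section is an assumption.

```go
package main

import "fmt"

type Access int
const (
	NoAccess Access = iota // level a role holds on one System Console section
	ReadOnly
	CanEdit
)

// Sections as listed in Phase I; "/Permissions" is an assumed name for the nested bullet.
var sections = []string{"Edition & License", "Reporting", "User Management",
	"User Management/Permissions", "Environment", "Site Configuration",
	"Authentication", "Plugins", "Integrations", "Compliance", "Experimental"}

// Defaults from Phase I requirements 1 and 2, in the same order as sections.
var defaults = map[string][]Access{
	"System Manager": {ReadOnly, ReadOnly, CanEdit, ReadOnly, CanEdit, CanEdit,
		ReadOnly, ReadOnly, CanEdit, NoAccess, NoAccess},
	"User Manager": {NoAccess, NoAccess, CanEdit, ReadOnly, NoAccess, NoAccess,
		ReadOnly, NoAccess, NoAccess, NoAccess, NoAccess},
}

// Allowed reports read (or, with write set, edit) access; unknown sections are denied.
func Allowed(grants []Access, section string, write bool) bool {
	for i, s := range sections {
		if s == section && i < len(grants) {
			return grants[i] == CanEdit || (!write && grants[i] == ReadOnly)
		}
	}
	return false
}

// Drift maps each role to the sections that differ from its defaults; its length is the telemetry count.
func Drift(current map[string][]Access) map[string][]string {
	out := map[string][]string{}
	for role, want := range defaults {
		for i, w := range want {
			if i >= len(current[role]) || current[role][i] != w {
				out[role] = append(out[role], sections[i])
			}
		}
	}
	return out
}

func main() {
	fmt.Println(len(Drift(defaults)), Allowed(defaults["User Manager"], "Compliance", false))
}
```

Because `Drift` reports the changed sections per role, the same result can feed both the telemetry count and an audit log entry naming what was customized.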

Requirements: Phase III (Manage Roles & Privileges via System Console)

...