Feature request: permissions overhaul
Lately I've been seeing a lot of disconnected feature requests regarding similar issues. Since the AdventNet guys seem to like new suggestions, I'm going to try to start putting some of them together in the form of major feature revision requests, starting with this one. I'd appreciate it if one of the support guys would make this a sticky thread. 8)
The current permissions system is both vague about what privileges actually fall under the permission levels, and limited in the ability to be tweaked as needed. Therefore, instead of asking for more permissions to be added, I propose a complete overhaul of the permissions system, making it more dynamic for the end-user's needs. Here's an example of what I'm thinking of:
[list=1:f5e0b1aee7] *  Redesign the Roles configuration to allow roles to be created for requesters as well as technicians, and move the "department head" option to this area, which is where it should be
*  For requester roles, add permissions for things like:
[list=a:f5e0b1aee7] *  edit or cancel requests they themselves have submitted
*  assign the "department head" for one or more departments to users without needing them to be in that department themselves
*  allow said assigned department heads to edit requests on behalf of their users
*  view and edit/cancel requests on behalf of other specified users
*  View (but not edit) all requests in the system
*  For technician roles, split the vague "Edit" permission into more specific ones, for example:
[list=a:f5e0b1aee7] *  edit requester details
*  edit request content
*  edit request notes
*  edit request timestamps
*  Add an option to restrict technicians from adding requests under other users' names
*  Add more specific permissions for the Purchase module (such as "Add new vendor") so that technicians can be allowed to do the necessary work without being a full admin
*  Make "Full Control" really mean full control of all the specified modules, with the exception of having access to the Admin tab for changing the core system configuration
Basically, any part of the modules that could need modification should have a permission for it, instead of the all or nothing system currently in place. A system like that would be much more dynamic in allowing people to setup the exact type of user access that their situation calls for, as opposed to simply adding more single options here and there, based on the demand. I think a more advanced permissions system would help attract people to this product.
I'm sure there's more I could add to this if I thought about it long enough, but it's a good start. And as stated above, I would like additional input from other users since I couldn't possibly imagine all the types of permissions people would want to use in their unique situations. Even if you have no comment about the exact features list, please vote in the poll on whether or not you want to see these features added.
The current permissions system is both vague about what privileges actually fall under the permission levels, and limited in the ability to be tweaked as needed. Therefore, instead of asking for more permissions to be added, I propose a complete overhaul of the permissions system, making it more dynamic for the end-user's needs. Here's an example of what I'm thinking of:
[list=1:f5e0b1aee7] *  Redesign the Roles configuration to allow roles to be created for requesters as well as technicians, and move the "department head" option to this area, which is where it should be
*  For requester roles, add permissions for things like:
[list=a:f5e0b1aee7] *  edit or cancel requests they themselves have submitted
*  assign the "department head" for one or more departments to users without needing them to be in that department themselves
*  allow said assigned department heads to edit requests on behalf of their users
*  view and edit/cancel requests on behalf of other specified users
*  View (but not edit) all requests in the system
*  For technician roles, split the vague "Edit" permission into more specific ones, for example:
[list=a:f5e0b1aee7] *  edit requester details
*  edit request content
*  edit request notes
*  edit request timestamps
*  Add an option to restrict technicians from adding requests under other users' names
*  Add more specific permissions for the Purchase module (such as "Add new vendor") so that technicians can be allowed to do the necessary work without being a full admin
*  Make "Full Control" really mean full control of all the specified modules, with the exception of having access to the Admin tab for changing the core system configuration
Basically, any part of the modules that could need modification should have a permission for it, instead of the all or nothing system currently in place. A system like that would be much more dynamic in allowing people to setup the exact type of user access that their situation calls for, as opposed to simply adding more single options here and there, based on the demand. I think a more advanced permissions system would help attract people to this product.
I'm sure there's more I could add to this if I thought about it long enough, but it's a good start. And as stated above, I would like additional input from other users since I couldn't possibly imagine all the types of permissions people would want to use in their unique situations. Even if you have no comment about the exact features list, please vote in the poll on whether or not you want to see these features added.