12
Administrator with read-only permission
Idea shared by Manuel - 10/7/2014 at 5:00 AM
Declined
Hello,
it's possibile, in next SmarterMail release, to have administrator account with particular permission or with read-only permission ?
 
Tnx
Manuel
GRAFFITI — It's Communication
Riva del Garda (TN), I-38066 – Località Pasina 46
Milano, I-20129 - via Lamberto De Bernardi 1
Verona, I-37134 - via Legnago 126
San Francisco, US-94111 California – 275 Battery St, Suite 2600
website: www.graffiti.it

9 Replies

Reply to Thread
0
Employee Replied
Employee Post
Hey Manuel,
 
Currently in SmarterMail when an administrator user is created, they have full access to administrator rights of the installation.  At this time there is not a way to set 'read-only' permissions for administrator users.  This could be considered as a feature for future versions of SmarterMail though.
 
Thanks
6
Manuel makes an extremely valid point here, and I would back up this request and ask that sub-administrator accounts be subject to rules set by the SmarterMail admin account when the domain is created.
 
Current, any additional admin account can do anything the primary administrator account can do, including changing the primary domain administrator's password.  
 
Secondary domain administrators can also delete the primary administrator account.
 
This issue needs to be addressed ASAP!  At the very least:
  • Secondary domain administrators should NOT be able to change the primary domain administrator account passwords.
  • Secondary domain administrators should NOT be able to delete the primary domain administrator account.
 
I would take this so far as to propose additional "administrative levels."
 
  1. Primary administrator: create and delete user accounts; change passwords; create, enable and disable CUSTOM CSS and COLOR for entire domain;
  2. Second level administrator: create and delete user accounts; change passwords on all accounts -- with the EXCEPTION of the primary administrator; can modify newsletters created, and administrated by, all Mailing list administrators;
  3. Third level administrator: change passwords on third level accounts only; no user creation, deletion or modification; can modify newsletters created and administrated by all Mailing list administrators;
  4. Mailing list administrator: can create, modify and delete ASSIGNED mailing lists only; no user creation, deletion or modification; no password changes; no modifications to any mailing lists except those to which he or she is assigned. 
The above listed security levels are suggestions only.  
 
EDIT NOTE: Items #2, #3 and, #4 were edited on 2014/10/09 at 0749 hours CDT
 
Other SmarterMail administrators may have additional administrative level security suggestions, but lower level administrator accounts should never be able to modify or compromise the integrity of any higher level administrative level account. 
 
Thanks, in advance, SmarterTools, for delving further into this very important issue.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Totally agree with the above! We needed this ages ago.
0
bump
 
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
1
Found this old thread when looking to see if there was any way to limit administrator access. Please SM - consider adding this feature very soon. I want to give admin rights to another user, but I don't really want to give them full open access to everything. If we were able to specify which areas of the service they can access would be great. Specifically I'm looking to have this secondary admin account only have the ability to access the settings under the Security tab. Nothing under domains, and no other settings.
0
Amen to all the levels. At the very least, we would need a type for administrator that cannot modify anything to the Primary Administrator and cannot impersonate any users. And this should be a feature sooner, rather than later.
2
One of these Admin levels should not have the ability to see contents of emails.
J. Sebastian Lee Service2Client LLC 6333 E Mockingbird Ste 147 Dallas, TX 75214 - 877.251.3273
0
Absolutelly!
0
Andrea Free Replied
Employee Post
Hi everyone,
 
Thank you all for your participation in this thread! I'm sorry to report that after much consideration, we will be marking this thread as Declined. At time this, modifying the administrator privileges is not currently on our road map. 
 
Thank you again for your feedback!
Andrea Free SmarterTools Inc. 877-357-6278 www.smartertools.com

Reply to Thread