David Langenberg, U Chicago:
One of our offices, the College Programming Office (CPO), has a fairly complex set of web apps and content sites which are managed by a small set of admin users who then need to delegate lower levels of access out to other users on a site-by-site basis.
The levels of access that are involved include, but are not limited to:
- Global admins - those who have full admin on all sites and can add users
- Global users - those who can access all sites, but can not add other admins
- Site admins - have full access to one specific site
- Content editors - have some limited privileges to modify existing content on a site
- Site-specific users - may have access to some small section of one site
Currently all of these sites use LDAP logins for access, but the administrative privileges have to be managed on a site-by-site basis. With an office that includes many FTE’s and also a staff of 6-8 student employees who are changing on a yearly (or more frequent) basis, the management of these user tables can present a significant challenge.
If we were able to map out a specific set of privileges and specify them in one central location, adding, removing, and modifying users as they change, it could definitely save significant staff hoursContributions welcome.