better read only administrator access control
We need to give some Admins read only permission to our members data but also full Events admin access. In this case we would want them to maintain the 'write' access associated with the Events Admin but also have the additional Read Only components added with the 'RA' access.
The selector does not allow this combination to be selected.
This is a critical issue which is preventing some of our members from fulfilling their roles in our club. We do not want to solve it bu giving them full configuration access.
The ability to separate core configuration access and read access for each of the main access types, and to be able to select a combination thereof would address this (although our priority for this is for Membership data)
Stephen Warren commented
After a bit more experimentation, it turns out Event Manager can view the contacts and the members *lists* (which just happens to include the required active vs. lapsed status), just not the detailed membership page for each user. This fulfills our basic need currently, but eventually we want docents to be able to see the full member details, since we want to define some additional custom fields such as "has taken online course XXX", which don't show up in the lists, but rather only show up on the per-user details pages.
Stephen Warren commented
I want a docent at our makerspace to be able to view membership details, such as whether a user's subscription is up-to-date i.e. whether they've paid this month. That way, they can avoid giving in-person services to members who haven't started paying or whose payment has lapsed. For most docents, I simply make them "Account administrator (read only access)" which works well.
However, if this docent is already an event manager, there is a problem. They can't be both "Event Manager" _and_ "Account administrator (read only access)". Is there a way to allow people to view not just "contact info" (which Event Manager includes) but also view membership info (which Event Manager does not include), while retaining Event Manager capabilities, or to give them baseline "read everything" capabilities along with Event Manager?
Randy Getz commented
I agree with other comments here. Specifically, I would like most of those who have limited admin read / write to be able to read MOST of the admin areas of the site. Most would not need to access the Account page and some would not need to access Membership details.
I completely agree with this - I need to be able to provide read only access to the entire site, along with limited administrator access to events or newsletter. The only solution is to grant full administrator access which is a huge security risk. Any traction on addressing this?
It would be great if we could give Limited Administrator Read Only , ie. read only membership or read only events. That way a chair could be a regular limited Admin and the committee members could be read only for that area. The only way I see to do that now is to give total Account Administrator read only.
Gayle Butler commented
Make it possible for limited administrators (like the membership or events admin) to have read-only access to the entire site.
This would be helpful in resolving questions about records, and also for training.