Archived Forum

But would your proposal be a near duplication of this: http://openenergymonitor.org/emon/node/5322 ?

That's true but i do think of module that will be just added to the existing emoncms

I also think multi-level users would be a great addition to make emoncms more flexible and scalable by improving the way it can be managed and made accessible to more users.

It is similar to the multiuser - 3 tier emoncms application thread but the suggested method of execution in that thread is not recommended. 

I had commented in that thread but moved my comments here so as not to promote the wrong method. Whether a "Module" is the way to go I'm not sure but I support a discussion and hopefully some development in this area.

In addition to the 2 users wanting multi-level support in that thread here is another recent enquiry http://openenergymonitor.org/emon/node/10163#comment-28337

and here is a similar request http://openenergymonitor.org/emon/node/3574

Paul

That's also true pb66 because the major reason of multi-level users is to minimize emonCMS data vulnerabilities and  maximize its security,however sharing the API key will do the opposite way unless more measures and techniques are deployed.

I don't think Paul was suggesting that APIkeys should be shared. In fact, the way I read his comment, he was saying exactly what you are saying, APIkeys should not be shared.

It was Brisco who wanted to hard-code his APIkey and then add further security to restrict his sub-set of users, giving to them several layers of permissions within that.

Yes, thanks Robert, I am not in favor of sharing apikeys and do not think that is the way forward. That being said I do understand why (and could possibly be even tempted myself)  to go that route to achieve something that is currently not catered for as a work around.

Paul

Sometimes it has to be so. I am in a similar situation with a number of websites that I administer/maintain for various people. In each case both they and I have access to the website host and the database and share the same usedID and password (because that's the only way the hosting provider allows), but in only one case do they actually use that access. The rest tell me what to change or send me the content and I do it. In one of the other cases, it's WordPress-based and the owner and I have separate accounts, but both with admin rights so we each have our own password even though we have identical (not "the same") permissions. The owner submits and edits the content and I do the technical bits of the admin work.

There is also accountability to consider, It makes me uncomfortable when someone wants to give me their log in to check or do something for them. From that point forward (until they change their login which never happens) I become suspect number one if anything happens that the user cannot explain or believes wasn't them, even if they don't suspect me I usually feel compelled to confirm that (which now on reflection probably looks like an admission of guilt).

Paul

Wordpress is very powerful CMS for me and i learnt a lots about its modular architecture design and it works well especially in membership and user permission. Well why should we get one for our emonCMS like other CMS's?