Visibility of categories to administrators

(Clay Heaton) #1

When editing a category and setting the Security permissions, one of the options is to allow admins to have permissions.

However, this setting is ignored. Take this example:

  • I created a group called notes_clay and only added myself to it.
  • I created a category called Clay's Notes and set the Security settings such that only people in the notes_clay group could Create/Reply/See. There are no other permissions.

Regardless of this setting, administrators always can see the category; they can see all categories, all the time.

Certainly any administrator can and should be able to go into groups and add themselves to a group. However, in our instance, we have a use case for creating “private” categories that are only (routinely) visible to the user in the group that has permissions for the category.

Our use case: we use categories for tracking project discussions and work. Discourse is on our intranet. Some of the projects require an NDA and though I’ve signed many of the NDAs, I haven’t signed all of them. Same goes for the other admin. We need the ability to get into the category to help if there’s a Discourse problem, but otherwise, it would be better if we couldn’t see posts in them.

It’s a minor issue, but I just thought I would point it out. What I would do is:

  • admin visibility is determined by the settings, as expected, and “admins can Reply/See/Edit” is a default Security setting for a new category (along with “everyone”)

(Jeff Atwood) #2

Impossible, admins by definition can see everything. What you are asking for would break some fundamental assumptions about how the system works.

Remove these people from admin role if they need to be unable to see certain things.

Alternately have people log in as admin only when admin actions are needed.

(Dave McClure) #3

In that case, this does just sound like a UX issue where the category permissions dialog shouldn’t allow you to attempt to set permissions for the admin group.

(Sam Saffron) #4

We should display an immutable admin can do everything always in that dialog