Hi Torben and congratulations to your first post here
Basically they want to control everything which is possible with the policy.yaml in a User Interface.
I totally agree that we are missing some UI features for permission management and visualization. But personally I’d be very strongly against some kind of fully-fledged
Policy Editor for productive environments because that could be quite dangerous and error prone.
We used to have the Roles defined in the database but changed this a long time ago because we now consider a Role something that should not be specific to one instance of neos but rather a concept of the whole application.
The same thing holds true for privilegeTargets IMO.
Here’s my vision of some measures we could take to improve the situation:
- Improve the UI so that it is much easier to visualize the permissions of each individual user
- Create some ACL Editor (maybe based on the one Sebastian shared) but not meant to be used within a productive site (IMO) but more as a kickstarter that can export
- Introduce the notion of a User Group
The last part is IMO the most profound and it would require a change in the Flow Core.
The idea is basically that you can assign a Backend User to some Role (like today) but at the same time be able to specify some parameters. For example: User X has the role
NewsEditor for category
It is described here. Unfortunately we never got around finishing that because there was no urgent need. But as it comes up from time to time I’d love to tackle this one at some point…
The question is, whether this would solve your specific use case. So, like Sebastian, I’d like to know more about that