Administrators can only access data if marked as superusers

tdgjrb · February 22, 2017, 5:26pm

I have been testing with phpList v 3.3.1 and I am now ready to add other administrators and open up the app for wider use.

I have been using an administrator account with the “Superuser” checkbox and all privileges.

When I add other administrators, the privilege checkboxes seem to limit the functions they can access, but none of the existing data on subscribers, lists, campaigns or statistics appears unless I check the “Superuser” option for those administrators, which seems to defeat the intent of the settings.

Fwiw, I updated from 3.0.12 to 3.2.7 to 3.3.0 before getting to 3.3.1 where I have spent the most time.

Am I missing something very basic?

Thanks!

samtuke · February 23, 2017, 9:37pm

Hi @tdgjrb, happy to hear phpList is working out for you.

Non superusers have their own lists and campaigns which are private from other non superusers. phpList was designed this way; only superusers can see all subscribers and lists.

tdgjrb · February 23, 2017, 10:34pm

Thanks Sam!

I certainly missed that.

Which leads me to the next questions (to which RTFM is an acceptable answer).

Is there a way to change the ownership of a superuser list to a non-superuser administrator?
Do all non-superusers share the other lists or is each list private to each administrator?
If each administrator has its own lists, is there a way to share lists between administrators with different privileges?

Thanks for enlightening me.

John

danwaterloo · February 24, 2017, 6:06am

You can do this by going into the database, and changing the owner of the list to an administrator.
Each non-superusers can only see their lists.
No

duncanc · February 24, 2017, 7:23am

No need to do that. You can change the owner of a list on the Edit List page.

tdgjrb · February 24, 2017, 8:16pm

Duncan, Dan and Sam,

Thanks for throwing some light to the ignorant.

This isn’t how I would have designed it, but I now understand and can work within phpList security model.

Cheers!

Geoff · February 27, 2017, 11:21am

Hi, I have also raised this issue a couple of times - in particular with DuncanC - as the use of segments is really great with large subscriber lists. I cannot justify giving SuperAdmin access to all users as giving everyone access to system config setting would simply not be acceptable to our auditors at the council.

I have also suggested an alternative which would be to allow the tick boxes to appy to SuperAdmin users too - but as yet the only response has been phplist doesn’t do that.
The ability to do this would allow the system/config option to be hidden even though they have been given SuperAdmin privileges. Other customisable restricted privileges like ‘Manage Plugins’ would be useful too.

Please can someone relook into why a solution to this problem cannot be found. .

samtuke · March 10, 2017, 12:36pm

@Geoff Do you know if this is already a feature request on the issue tracker? If not, please add it, so we can track its progress there.

johntrot · March 10, 2017, 3:43pm

Phplist took a giant leap forward with the multiple content plugin and a step back when the old Administrative levels were removed. I have to to do ten times the work now as the superAdmin because I cannot allow the other Admins access to the program as I would like. Unfortunately, I am terrible at writing code or I would look at an Admin plugin with multiple levels and access rights. When I gave a couple of regular Admins super status because I was going on vacation, they actually downloaded the entire list of emails because they wanted to see who was on other lists. Needless to say, I no longer give anyone access to the main list or super status.