WTH!? No RBAC - Role Based Access Control? (Users & Groups rights)

I don’t consider this to be even close to the same as RBAC. I have to hide add-ons from the side menu, which make it pain for those admins to access through the add-on screen. It’s a pretty large missing feature.

“Lock down” is not the correct choice of words here. Obscure at best. This literally just hides it the option from the navigation, if that user enters the URL for the dashboard directly it still opens no matter what you have set there.

Besides even if this did actually lock down who could see that tab it’s still only a UI control which means it can never be more then security by obscurity. For something to be RBAC it needs to be worked into the API.

That being said, there is some amount of actual RBAC controls for the brave that want to try it. See balloob’s post above for how to use it. I have not tried this feature myself so I am not recommending it, just reminding people that it exists. And for any developers interested in this that are willing to work on it, that’s a good place to start from.

1 Like