- Posts: 3
- Thank you received: 0
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
Pre-Define some Prperties for other Users in Limesurvey (smthn like RBAC..)
- florianmoos
- Topic Author
- Offline
- New Member
Less
More
5 years 11 months ago #166612
by florianmoos
Pre-Define some Prperties for other Users in Limesurvey (smthn like RBAC..) was created by florianmoos
Hey everybody,
we're new to the Lime Survey CE and are currently evalutiong if this could be our future solution for internal Survey or elections.
I just want to know if it is possible to implement something like RBA(C) so we're able to prevent "normal" Users from creating Surveys with Features like "Log IP-Address" enabled?!
We're using LimeSurvey just for internal purposes but we do not want People to be able to deanonymize Survey participants by having IP-adresses, which can be easily run against the Domain DNS to get the ComputerName.
Is there something possible like this (or maybe something planned?) Or are we (IT Staff Members) forced to create the Surveys for all the People so we can Control that there are no such Features enabled?
(Little Background: We're a german governmental Organization so Data Protection Commissioner and work council want These Things not to be logged..)
If there's already a thread or Feature request for stuff like that, just let me know! But I wasn't able to find something related here or in the Bug/Feature Tracker section..
Thanks for your answers.
Kind Regards
Florian
we're new to the Lime Survey CE and are currently evalutiong if this could be our future solution for internal Survey or elections.
I just want to know if it is possible to implement something like RBA(C) so we're able to prevent "normal" Users from creating Surveys with Features like "Log IP-Address" enabled?!
We're using LimeSurvey just for internal purposes but we do not want People to be able to deanonymize Survey participants by having IP-adresses, which can be easily run against the Domain DNS to get the ComputerName.
Is there something possible like this (or maybe something planned?) Or are we (IT Staff Members) forced to create the Surveys for all the People so we can Control that there are no such Features enabled?
(Little Background: We're a german governmental Organization so Data Protection Commissioner and work council want These Things not to be logged..)
If there's already a thread or Feature request for stuff like that, just let me know! But I wasn't able to find something related here or in the Bug/Feature Tracker section..
Thanks for your answers.
Kind Regards
Florian
The topic has been locked.
- Joffm
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 12779
- Thank you received: 3940
5 years 11 months ago #166614
by Joffm
Volunteers are not paid.
Not because they are worthless, but because they are priceless
Replied by Joffm on topic Pre-Define some Prperties for other Users in Limesurvey (smthn like RBAC..)
Hi, Florian,
well, first thing.
Your "normal" users all are created by admins.
So all of them should be aware of your data protection rules.
If they do not keep to it, "Abmahnung", "Personalakte",...
Second:
There is an access control, I think you saw it already.
But what you desire is not available in LS, but as IT staff, you could create a trigger in the database to do something like that.
In the table "[prefix]_surveys" you find all interesting fields:
"anonymized"
"ipaddr"
and so on.
And the "owner_id", which shows, who created the survey.
IMO a trigger "before insert" could set all fields to your desired value.
Joffm
well, first thing.
Your "normal" users all are created by admins.
So all of them should be aware of your data protection rules.
If they do not keep to it, "Abmahnung", "Personalakte",...
Second:
There is an access control, I think you saw it already.
But what you desire is not available in LS, but as IT staff, you could create a trigger in the database to do something like that.
In the table "[prefix]_surveys" you find all interesting fields:
"anonymized"
"ipaddr"
and so on.
And the "owner_id", which shows, who created the survey.
IMO a trigger "before insert" could set all fields to your desired value.
Joffm
Volunteers are not paid.
Not because they are worthless, but because they are priceless
Attachments:
The following user(s) said Thank You: florianmoos
The topic has been locked.
- jelo
- Offline
- Platinum Member
Less
More
- Posts: 5070
- Thank you received: 1263
5 years 11 months ago #166639
by jelo
You might open a feature request about missing settings. To me it looks like a more granular permission system (e.g. block settings which would allow saving IP-adresses) would be the most important improvement. There are some signals that a overhaul of the permission system is on the watchlist of the developers.
There a some feature requests around improving permission system and further limits for users.
Currently you have more or less a admin-focused LimeSurvey. In a bigger organization you will end up with more than one LimeSurvey-installation. LimeSurvey.org is offering hosting to customers and they have a dedicated installation for each customer. So no multi-tenancy capability implemented at the moment.
bugs.limesurvey.org/view.php?id=12651
bugs.limesurvey.org/view.php?id=8751
bugs.limesurvey.org/view.php?id=7397
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Replied by jelo on topic Pre-Define some Prperties for other Users in Limesurvey (smthn like RBAC..)
What is RBA? RBA(C)?florianmoos wrote: I just want to know if it is possible to implement something like RBA(C)
You might open a feature request about missing settings. To me it looks like a more granular permission system (e.g. block settings which would allow saving IP-adresses) would be the most important improvement. There are some signals that a overhaul of the permission system is on the watchlist of the developers.
There a some feature requests around improving permission system and further limits for users.
Currently you have more or less a admin-focused LimeSurvey. In a bigger organization you will end up with more than one LimeSurvey-installation. LimeSurvey.org is offering hosting to customers and they have a dedicated installation for each customer. So no multi-tenancy capability implemented at the moment.
bugs.limesurvey.org/view.php?id=12651
bugs.limesurvey.org/view.php?id=8751
bugs.limesurvey.org/view.php?id=7397
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The following user(s) said Thank You: florianmoos
The topic has been locked.
- orvil
- Offline
- Premium Member
Less
More
- Posts: 118
- Thank you received: 20
5 years 11 months ago - 5 years 11 months ago #166642
by orvil
Best regards/Beste Grüße,
O. Villani
Replied by orvil on topic Pre-Define some Prperties for other Users in Limesurvey (smthn like RBAC..)
RBAC = Role Based Access Control see
en.wikipedia.org/wiki/Role-based_access_control
.
It is implemented in Yii2 yii2-cookbook.readthedocs.io/security-rbac/ and a heavy meal
It is implemented in Yii2 yii2-cookbook.readthedocs.io/security-rbac/ and a heavy meal
Best regards/Beste Grüße,
O. Villani
Last edit: 5 years 11 months ago by orvil.
The following user(s) said Thank You: florianmoos
The topic has been locked.
- jelo
- Offline
- Platinum Member
Less
More
- Posts: 5070
- Thank you received: 1263
5 years 11 months ago #166659
by jelo
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Replied by jelo on topic Pre-Define some Prperties for other Users in Limesurvey (smthn like RBAC..)
Thanks. LimeSurvey is currently based on Yii1. Moving to Yii2 is on the roadmap.
manual.limesurvey.org/LimeSurvey_roadmap#Planned_features
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The topic has been locked.
- florianmoos
- Topic Author
- Offline
- New Member
Less
More
- Posts: 3
- Thank you received: 0
5 years 11 months ago #166716
by florianmoos
Replied by florianmoos on topic Pre-Define some Prperties for other Users in Limesurvey (smthn like RBAC..)
Hey,
first of all: Thanks for all the quick responses! Didn't actually expected that
Second:
@joffm Where do I find the Access Control? Unfortunately I did not found the view you have..
The Hint with the Database Monitoring and the trigger if some fields are set is good. Thanks.
So I think we will implement something between technical Monitoring and Rules how to set up a correct internal Survey.
Regards
Florian
first of all: Thanks for all the quick responses! Didn't actually expected that
Second:
@joffm Where do I find the Access Control? Unfortunately I did not found the view you have..
The Hint with the Database Monitoring and the trigger if some fields are set is good. Thanks.
So I think we will implement something between technical Monitoring and Rules how to set up a correct internal Survey.
Regards
Florian
The topic has been locked.
- Joffm
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 12779
- Thank you received: 3940
5 years 11 months ago #166728
by Joffm
Volunteers are not paid.
Not because they are worthless, but because they are priceless
Replied by Joffm on topic Pre-Define some Prperties for other Users in Limesurvey (smthn like RBAC..)
Volunteers are not paid.
Not because they are worthless, but because they are priceless
Attachments:
The topic has been locked.
- LouisGac
- Visitor
5 years 11 months ago #166784
by LouisGac
Replied by LouisGac on topic Pre-Define some Prperties for other Users in Limesurvey (smthn like RBAC..)
for now the homemade LS permission system is based on users.
We planed to integrate a real RBAC permission system for ls4.
We planed to integrate a real RBAC permission system for ls4.
The topic has been locked.