ISPConfig3 - Objects create with admin are imutable for clients

Discussion in 'General' started by anset, Feb 19, 2012.

  1. anset

    anset New Member


    I did some searching, but could not find an answer to my question. Please tell me and accept my apologies if this has been explained before.

    I created some websites and mailboxes for a client. When I did this, I was logged in as admin. Now it turns out that the client is not able to change the properties of those objects.

    I looked at the database and I notice that for those objects, the sys_userid is set to the admins id (1). I am assuming this is the reason that changes made by the client are (silently!) discarded.

    The sys_groupid is set to the correct client ID. However even though for most of the objects, the sys_perm_group is set to "ru" (the "u" meaning "update"?) the changes are still being discarded.

    Funnily, some of the objects have a group perm set to ruid, others only ru. I cannot see where I did something different, but in both cases, client updates are discarded if sys_userid = admin.

    Anyway. If my assumptions above are correct, can I edit the database manualy and set the sys_userid = sys_groupid = the users id for the objects I want to change this?
    Or will this "break stuff"?

    I could remove the objects and recreate them, but that would be quit a bit of work (especially the DNS entries...)

    The tables I am thinking about doing this to are:


    So am I making a big mistake fooling around with the database, or is this a (relatively) safe operation?

    Would it be a good suggestion to ask for a dropdown so that the admin user can set not only the "group" (this is the client dropdown) but also the "owner" of an object in the control panel forms? Or maybe a "customer may make changes" toggle button would be clearer?

    Thank you for any information,

  2. anset

    anset New Member


    Being the impation sob that I am, I went ahead and did the deed and it looks like it works as expected.


  3. till

    till Super Moderator Staff Member ISPConfig Developer

    What you described above is the admin protection feature in ispconfig which protects certain settings of objects (like websites and email domains) created by the admin from changes by the client, as most admins dont like if their client "accidently" delete their sites when they created them for the client. If you want to create objects as admin for your clients that can be deleted and fully modified by the client, then use the "Login as" function from the client module to switch from admin to the client login before you create the website or email domain.
  4. anset

    anset New Member


    Thank you for the clarification.

    That is what i figured. In future I will use the login as system but i would have liked it to be possible to set everything up for a client using "admin" so it is protected and at a later date, when I have been able to teach the client how it works, hand everything over to him.

    A simple toggle button (only available to "admin") should do the trick I think. But now I understand how it works and I can just make the changes manually.

    Problem solved. :)



Share This Page