Feature Wiki
New Permission `Edit accounts` for User Management
Page Overview
- 1 Initial Problem
- 2 Conceptual Summary
- 3 User Interface Modifications
- 4 Additional Information
- 4.1 Involved Authorities
- 4.2 Technical Aspects
- 4.3 Privacy
- 4.4 Security
- 4.5 Contact
- 4.6 Funding
- 5 Discussion
- 6 Implementation
- 6.1 Description and Screenshots
- 6.2 Test Cases
- 6.3 Privacy
- 6.4 Approval
1 Initial Problem
The current permissions for user management can cause problems.
There's a common scenario where users need to be given permissions via a role so they can view and manage user accounts.
Currently, it works like this:
- With the permission ‘Read All Accounts: User can list all accounts in User administration’, I can see all users in the table. I only have access to the information that can be used in the table via column selection.
- With the permission ‘Edit Settings: Edit settings in User administration’, I get access to the individual user accounts. I can view and edit the users' personal data and personal settings. With this permission, as the name suggests, I can also adjust the settings of User Management. This includes 'Administrative Settings', 'User Settings', 'New Account Mail' and 'Starting Points'.
So if I want to assign permissions for viewing and editing users, I have to accept that the user management settings can be changed at the same time. That is inconvenient.
2 Conceptual Summary
A new permission ‘Edit accounts: Edit information from individual accounts’ is to be introduced.
- This permission grants access to the tabs ‘Properties’, ‘Learning Progress’ and ‘Repository Objects’. In ‘Properties’, the user's personal data and settings can be viewed and edited.
- The 'Edit Settings' permission no longer includes the 'Edit Accounts' and 'Edit Role Assignment' permissions.
Migration: Existing roles with the 'Edit Settings' permission automatically also receive the 'Edit accounts' permission. Dedicated permissions create greater clarity.
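The migration rule above can be checked for unintended privilege changes before it is rolled out. The following is an added example, not ILIAS code: it models roles as sets of the permission display names used on this page, applies the migration, and audits that no role gains or loses account editing or settings access. The role names and the role map are constructed sample data.

```python
# Added example: permission names are the display names from this page;
# the role map and role names below are constructed sample data.
EDIT_SETTINGS = "Edit Settings"
EDIT_ACCOUNTS = "Edit Accounts"
READ_ALL = "Read All Accounts"


def may_edit_accounts(perms, migrated):
    """Account editing: bundled into 'Edit Settings' before, dedicated after."""
    return (EDIT_ACCOUNTS if migrated else EDIT_SETTINGS) in perms


def migrate(roles):
    """Grant 'Edit Accounts' to every role that already holds 'Edit Settings'."""
    return {
        name: set(perms) | ({EDIT_ACCOUNTS} if EDIT_SETTINGS in perms else set())
        for name, perms in roles.items()
    }


def audit(before, after):
    """Report roles whose effective rights changed across the migration."""
    findings = []
    for name, old in before.items():
        new = after[name]
        was, now = may_edit_accounts(old, False), may_edit_accounts(new, True)
        if was and not now:
            findings.append((name, "lost account editing"))
        if now and not was:
            findings.append((name, "gained account editing"))
        if (EDIT_SETTINGS in old) != (EDIT_SETTINGS in new):
            findings.append((name, "settings access changed"))
    return findings


def review_candidates(roles):
    """Roles still holding both permissions: the migration keeps their access
    intact, so narrowing them to 'Edit Accounts' only is a manual follow-up."""
    return sorted(n for n, p in roles.items() if {EDIT_SETTINGS, EDIT_ACCOUNTS} <= p)


BEFORE = {  # constructed sample roles
    "User Administrator": {"Read", READ_ALL, EDIT_SETTINGS},
    "Helpdesk": {"Read", READ_ALL},
}
AFTER = migrate(BEFORE)

if __name__ == "__main__":
    print(audit(BEFORE, AFTER), review_candidates(AFTER))
```

An empty audit result means the migration preserved every role's effective rights; the review list names the roles that still carry 'Edit Settings' and only become least-privilege once an administrator removes it.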
3 User Interface Modifications
3.1 List of Affected Views
- Administration » Roles » {global Role} » Administration Permissions
3.2 User Interface Details
The RBAC form gains one additional permission. In addition, the order of permissions in the form should be changed.
- User Management
  - Read: User has read access to User administration
  - Read All Accounts: User can list all accounts in User administration
  - Create Accounts: User is allowed to create user accounts.
  - Edit Accounts: Edit information from individual accounts.
  - Edit role assignment: User can change role assignment of user account
  - Recommend Content: User is allowed to add recommended content for role members.
  - Edit Settings: Edit settings in User administration
  - Delete: User can delete user accounts
  - Change Permissions: User can change permission settings in User administration
3.3 New User Interface Concepts
None.
3.4 Accessibility Implications
There are no new or further Accessibility implications.
4 Additional Information
4.1 Involved Authorities
- Authority to Sign off on Conceptual Changes: Kergomard, Stephan [skergomard] (Components: 'User' and 'RBAC')
- Authority to Sign off Code Changes: Kergomard, Stephan [skergomard] (Components: 'User' and 'RBAC')
4.2 Technical Aspects
{ Necessary technical information have to be provided here, e.g. dependencies on other ILIAS components, necessary modifications in general services/architecture, potential security or performance issues. }
4.3 Privacy
There are no new or further privacy implications.
4.4 Security
There are no new or further security implications.
4.5 Contact
Person to be contacted in case of questions about the feature or for funding offers: Samoila, Oliver [oliver.samoila]
4.6 Funding
Funding status and funding parties are listed in the block 'Status of Feature' in the right column of this page.
If you are interested in funding this feature, please contact the person named above under 'Contact'.
5 Discussion
Samoila, Oliver [oliver.samoila], 25 February 2026: During the conceptual discussions, Stephan Kergomard and I decided against introducing another separate permission for reading user properties only. This was mainly because this would currently only be possible with a completely disabled form. This feels like the wrong approach for representation.
Kergomard, Stephan [skergomard], 26 FEB 2026: I support this change as it helps simplify and clarify the permissions in the administration of the component `User`.
Kunkel, Matthias [mkunkel], 05 MAR 2026: I highly appreciate this suggestion and consider it a real improvement for the user handling. I only have one change request. The suggested order of permissions does not reflect the (unwritten) paradigm of ‘harmless at first, more consequential later’. The lower a permission is placed in the order, the more powerful and ‘dangerous’ it is. Therefore, I would suggest the following order:
- Read: User has read access to User administration
- Read All Accounts: User sees all accounts in User administration
- Recommend Content: User is allowed to add recommended content for role members.
- Edit Accounts: User can edit information from individual accounts.
- Edit role assignment: User can change role assignment of user account
- Edit Settings: User can edit settings in User administration
- Create Accounts: User is allowed to create user accounts.
- Delete: User can delete user accounts
- Change Permissions: User can change permission settings in User administration
And when we touch this view, we should streamline the wording a bit and give the permission explanations the same structure ‘User ...’.
Samoila, Oliver [oliver.samoila], 06 March 2026: That sounds like a good solution. Thanks.
JourFixe, ILIAS [jourfixe], 09 MAR 2026: We highly appreciate this suggestion and accept the feature for trunk. Please contact Kunkel, Matthias [mkunkel] for writing the related test case.
6 Implementation
Feature has been implemented by {Please add related profile link of this person}
6.1 Description and Screenshots
{ Description of the final implementation and screenshots if possible. }
6.2 Test Cases
Test cases completed at {date} by {user}
- {Test case number linked to Testrail} : {test case title}
6.3 Privacy
Information in privacy.md of component: updated at {date} by {user} | no change required
6.4 Approval
Approved at {date} by {user}.
Last edited: 9. Mar 2026, 14:13, Kunkel, Matthias [mkunkel]