User to site limitations

XN-Matt

We've just found an issue where a customer has their own package. (customer 1)

They've told someone else to signup for a service, great. They have their own package too. (customer 2)

Now, customer 2 wants help from customer 1. Instead of sharing their login details, they can add users in the control panel.

Except they can't as customer 1 already exists, the system won't allow it. There is no way to give any control of the customer 2 account to customer 1.

This seems to be an oversight.

Would be interested to knows of ways around this (creating a new email isn't a workable answer) or how this is going to be addressed in the future.

8Dweb

XN-Matt We would never permit this in the fashion you described, since this could potentially be exploited down the line. It would be best for customer one to simply create a special user for customer 2 to login to customer 1 area. That way customer 1 could disable/remove that user at any point in time.

Allowing customer 2 to be granted system level permission to see customer 1 user-space is a huge no-no, and defeats isolation and such..

I would never want this to even be considered as a feature.

There is another option in any case, if this was a "thing" have customer 2 become a reseller who could then manage their downline customers, and move customer 1 over there.

I have a couple of smaller boutique agencies that do just this. This makes the reseller fully responsible for all their sub-tenants/customers. You do not even have to call it a "reseller" if you do not want to do so. In our case, we still have the "customers" in billing system and charge them for the value-add hosting we provide. They just happen to reside under a "reseller" account for the boutique web design firm for the purpose of design and updates.

Or create a system-level user that has access to only the sites you specify using the Collaborator user type from Users on the main Admin login. That is also easy to control.

8Dweb

8Dweb Ok, yes, I just tested it with several scenarios. It fails due to email address being the same. I think I just needed to read it 3 times then comment. In that case one optional work-around would be for customer #1 to setup a disposable email for customer #2, send the collab invite.

XN-Matt

I think you are misunderstanding what i've explained.

Customer 2 being able to add the address of customer 1, is no different than in any other situation. The issue here is that customer 1 is already a customer on the platform.

There needs to be some ability for a customer (2 in this case) to be able to grant access to their account just as they would with any other person, regardless if they are on the platform already or not. After all, there is no more of a security concern if they are or not as they can remove access when they want in the same way.

Simply, someone already being on the platform should not prevent them being added to another customers account as whatever level that other customer decides (i.e super admin or collaborator) - the security risk is identical.

8Dweb

Though, I think collaborators only have access to sites belonging to the "owner"

XN-Matt

8Dweb customer 2 can add any colabs they want via email or link - this is the issue. If the email they want to add (customer 1 in this example) is already on the platform, they cannot add them. Hence the issue.

XN-Matt

8Dweb Not really workable; they shouldn't need to do this and sounds lame. The likely outcome is that full details are shared and i'm sure what the feature was created to avoid.

8Dweb

XN-Matt I get that, I was just offering an immediate work-around once I realize the actual issue.

josedieguez

yep, seems a bug or at least a limitation..