Updated by Oliver Günther 7 days ago
This EPIC was originally posted in a [FEATURE request in the context of openDesk.](https://project.opendesk.family/wp/1512)
> As an OpenProject administrator, I don't want to work with my administrative permissions all the time, but only when I want to perform an administrative action, e.g., delete a project.
>
> # Background
>
> openDesk features the role "Project administrator" \[Explanation by Wieland: "Project administrator" is a role in openDesk which makes the user an admin in OpenProject. Not to be confused with project admins in OpenProject\], which grants a normal openDesk user administrative privileges to the OpenProject instance, which basically are:
>
> * Access to OpenProject administration section (Profile icon > Administration)
>
> * View all projects, work packages, meetings, etc., basically everything in the OpenProject "user view" (in contrast to the administrative view)
>
>
> # Solution
>
> An administrator works with non-administrative permissions in OpenProject, just like a normal openDesk user. When an administrator wants to get the administrative view (see all projects, work packages, etc.), the administrator elevates his privileges.
>
> Elevating the privileges requires entering a separate authentication step, e.g., by re-entering their first or second factor, WebAuthn token, or other mechanism. In externally authenticated cases, users might have to re-login at their IdP using special confirmation steps (e.g., prompt=login in OIDC).
>
> After finishing his administrative task, he de-elevates his administrative permissions.
>
> This toggle can be part of the profile drop-down. A banner indicates that an administrator currently runs with administrative permissions, e.g., "You have temporary access to Administrative functions. Drop access if you no longer require it." (This text is used in Atlassian tools).
## User
OpenProject administrators that participate in the daily business.
## Problem
OpenProject administrators can potentially see too much. They could accidentally stumble upon work packages that they should not see without a good reason. In the spirit of data protection it seems wrong that admins see everything all the time, even when they don't act as admins. This leads to users not putting certain information into OpenProject although OpenProject would actually be the right tool for the task.
## Pain
Currently an admin would need to have two user accounts, one for admin tasks and one as a normal user. That requires switching accounts, and whenever that user gets assigned to a work package the assigning person needs to be careful to choose the right account. It also requires two different e-mail addresses, as those typically need to be unique. In addition, notifications might sometimes go to the wrong account, making it hard to follow up on updates.
# Business Case
## Reach
Low. But probably every OpenProject installation has at least one person that is in that admin vs normal user limbo.
## Impact
Low. But the affected users are our driving ambassadors and we want them to be happy and successful.
## Confidence
Medium. We haven't heard about that pain from too many people yet. Maybe we will get more upvotes?
## Urgency and Priority
That feature could be implemented at any time. However, it makes sense to look at it together with the idea of adding more fine-grained scopes to our API.
## Solution
An administrator works with non-administrative permissions in OpenProject, just like a normal user. When an administrator wants to get the administrative view (see all projects, work packages, etc.), the administrator elevates his privileges. After finishing his administrative task, he de-elevates his administrative permissions. The de-elevation could also happen automatically after a certain period of time, e.g. after an hour.
This toggle can be part of the profile drop-down. A banner indicates that an administrator currently runs with administrative permissions, e.g., "You have temporary access to Administrative functions. Drop access if you no longer require it." (This text is used in Atlassian tools).
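A sketch of the elevation gate this section and the quoted request describe, added here as an example and not taken from OpenProject's code base. The module, method, and session key names are hypothetical, and the five-minute re-authentication window and clock-skew tolerance are assumptions. Because `prompt=login` is only a request to the IdP, the gate confirms the re-authentication through the ID token's `auth_time` claim.

```ruby
# Added example with hypothetical names; not OpenProject code.
module SudoMode
  ELEVATION_TTL = 3600 # seconds: the "after an hour" automatic de-elevation
  MAX_AUTH_AGE  = 300  # assumption: re-authentication may be at most 5 minutes old
  CLOCK_SKEW    = 30   # assumption: tolerated clock drift between IdP and app

  module_function

  # claims: ID token claims whose signature, issuer, audience and nonce were
  # already verified. prompt=login is only a request, so the app confirms the
  # re-authentication happened by checking the auth_time claim.
  def elevate(session, user, claims, now: Time.now.to_i)
    auth_time = claims["auth_time"]
    return false unless user[:admin] && claims["sub"] == user[:oidc_sub]
    return false unless auth_time.is_a?(Integer)
    return false if auth_time > now + CLOCK_SKEW     # timestamp from the future
    return false if now - auth_time > MAX_AUTH_AGE   # stale login, no fresh re-auth
    session[:sudo_until] = now + ELEVATION_TTL
    true
  end

  # Manual de-elevation from the profile drop-down.
  def drop(session)
    session.delete(:sudo_until)
    nil
  end

  # True only for an admin inside an unexpired elevation window.
  def elevated?(session, user, now: Time.now.to_i)
    expires = session[:sudo_until]
    return false unless user[:admin] && expires.is_a?(Integer)
    return true if now < expires
    session.delete(:sudo_until) # automatic de-elevation
    false
  end

  # Without elevation an admin sees exactly what a normal member sees.
  def visible_projects(session, user, all_projects, now: Time.now.to_i)
    return all_projects if elevated?(session, user, now: now)
    all_projects.select { |p| p[:members].include?(user[:id]) }
  end
end

# Constructed sample data.
ADMIN = { id: 1, admin: true, oidc_sub: "sub-admin" }.freeze
PROJECTS = [{ name: "Intranet", members: [1, 2] }, { name: "HR cases", members: [3] }].freeze
```

Storing the expiry in the per-login session rather than on the user record keeps the elevation scoped to the browser session that re-authenticated.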
## Differentiation
We remove a significant pain for administrators and their team. We reduce chaos (wrong assignments), the hassle of managing multiple accounts, and the stress of accidentally seeing too much.
# Launch and Growth
## Measures
_How will you know you solved the problem? Please list measurable, quantitative indicators (preferred) or qualitative ways you plan on assessing the solution?_
* In the end there should be fewer accounts per OpenProject instance that have the same name but one being an admin and the other not.
## Messaging
_If you were to write a press release, how would you describe the value to customers?_
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><tbody><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Headline</p></th><td class="op-uc-table--cell"><p class="op-uc-p">OpenProject takes data protection to the next level: By default administrators cannot see more than you.</p></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">First Paragraph</p></th><td class="op-uc-table--cell"><p class="op-uc-p"><br></p></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Customer Quote</p></th><td class="op-uc-table--cell"><p class="op-uc-p">Finally I don't need to fiddle around with multiple user accounts. This is so much cleaner!</p></td></tr></tbody></table></figure>
## Go to market
_How are you planning on getting this into users' hands?_
That feature would simply be available on every OpenProject instance, and active by default.