0
Answered

Difference between Admin User and Super User in XTRF

Sancho Leath 3 years ago in Home Portal updated 2 years ago 5

In recent days I was made aware that XTRF differentiates between the admin user, which is used by the XTRF customer to configure the system based on LSP needs, and a so-called SuperUser. This was the first time I had heard this term. Apparently there are certain actions that can only be performed by this SuperUser. This is rather confusing and not quite logical to me. Why have a system admin that has restricted rights, rights that cannot be granted in the user section of the XTRF confiuration? One example where this showed up is that only the SuperUser has the right to delete several database entries (such as invoices at once). The admin user can only delete one at a time?!?


@XTRF: Would you mind explaining the reasoning behind this approach? If there isn't a good reason, could you please give the admin user the same right as the SuperUser, effectively doing away with the SuperUser?


Looking forward to your feedback.

Sancho

Answer

Answer
Answered

There is the original 'admin' user in every XTRF, yours included. You can't delete it or edit its name. 

Then, any additional users can be included in the Administrators group. Their user rights will be just a little bit limited. The ability to delete multiple entities at the same time from a browse is one important difference. 


In short, you do have the 'super-user' rights with the original admin user. We don't really use the term 'super-user' in XTRF terminology by the way.

GOOD, I'M SATISFIED
Satisfaction mark by Sancho Leath 3 years ago

This is a standard practice at least to me. The Super User (like root in Unix systems) has nearly unlimited powers, and hence also power to cause irreparable damage and destruction. Limiting this power to just one user is a Good Thing.


Also, two Super Users might theoretically simultaneously change the same record in the database causing big problems.

Answer
Answered

There is the original 'admin' user in every XTRF, yours included. You can't delete it or edit its name. 

Then, any additional users can be included in the Administrators group. Their user rights will be just a little bit limited. The ability to delete multiple entities at the same time from a browse is one important difference. 


In short, you do have the 'super-user' rights with the original admin user. We don't really use the term 'super-user' in XTRF terminology by the way.

+1

Hello Maciej,


Our accountant has been using the original admin user for the last few weeks to delete wrongly submitted vendor invoices. But this has me quite nervous because the original admin has too many rights. I just verified your last reply and have to report that even though our accountant user group has the right to delete vendor invoices (see screenshot), the accountant is not even able to delete one invoice at a time. My understanding was that it was a matter of how many records could be deleted at a time, i.e. the original admin can delete many while all other users can only delete one at a time. Below a screenshot of the error message the accountant gets with their user when trying to delete an invoice, whether it is in Confirmed or Sent status.





+1

Hello Maciej,


I can confirm Viktor's comment that when you open the invoice you want to delete in edit mode from an Invoices Smart View and set back its status all the way back, save it, then go back to the Smart View list, you can actually delete one invoice at a time. As you can tell, that is a lot of clicking to remove a faulty record. It should be sufficient to pop up a warning when the accountant wants to delete an invoice saying something like "This invoice is set to [Status]. Are you sure you want to remove it?". The accountant is a professional who knows what they are doing. Limiting them to one record deletion at a time in addition to such a warning message should be plenty of safety precautions. The current design forces too many clicks and changes of pages.


Of course, the root of all this evil lies with the current design of VP that allows vendors to submit faulty invoices. So the root of the matter is hidden there. But it might still take quite a while for the VP to be overhauled, so can you please pass on this minor improvement request? What's your take on this?

Try to set the status before you delete it.