Users and editing permissions are added only by the admin role (WebTech)
Context
Before granting editing access on WebTech-supported websites, we require all web content editors, developers, or maintainers to take accessibility training, as required by Western's accessible IT policy.
In Drupal's user system, the only way to add a user that we know of is to allow the permission "administer users." If this permission is granted to roles other than admin, it is possible editors could add other users to the site with editing permissions, without WebTech's awareness or taking the accessibility training.
Decision
Only the admin role (granted only to WebTech staff) will have the "administer user" permission. If users need to be added, site editors or maintainers must reach out to webhelp@wwu.edu, or fill out the user account request form (in development at time of publishing).
If there are sites that still grant administer user roles to super editors, this role should be turned off or removed from those accounts.
Status
Consequences
- The super editor or lower roles will not have access to add users, and will need to request to WebTech to add a new user account (for editors, staff directories, etc.)
- Depending on site/unit size and the number of staff or faculty, the requests may be more frequent or change more often. This may mean an increase of web help or form requests, especially if super editors were allowed this permission before.
- The response times to adding users may vary. It would help to have a form to request adding users, and eventually setting up an automated flow where Drupal or CI could help with these tasks.