mirror of
https://github.com/KelvinTegelaar/CIPP.git
synced 2026-04-25 08:16:01 +03:00
Labels
No labels
API
Feature
NotABug
NotABug
Planned
Sponsor Priority
Sponsor Priority
bug
documentation
duplicate
enhancement
needs more info
no-activity
no-priority
not-assigned
pull-request
react-conversion
react-conversion
roadmap
security
stale
unconfirmed-by-user
unconfirmed-by-user
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/CIPP#77
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @KelvinTegelaar on GitHub (Oct 26, 2021).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/124
Is your feature request related to a problem? Please describe.
In #72 we discussed copying user membership, we should extend on this in the next version to allow users to create presets and select these from a dropdown, including the correct license.
Describe alternatives you've considered
Keeping just the copy-user option is nice for memberships, but not enough.
Additional context
Ref #72
@KelvinTegelaar commented on GitHub (Oct 26, 2021):
Also Ref #112
@KelvinTegelaar commented on GitHub (Oct 26, 2021):
For ref the requesting users: @scubes13 and @zenmechanic
@KelvinTegelaar commented on GitHub (Nov 2, 2021):
@scubes13 @zenmechanic could you tell me a little more about how you'd see the templating feature work.
@TUCU-Adam commented on GitHub (Nov 2, 2021):
For my use case, it'd mostly be about license assignment and security group and Teams/SharePoint group memberships based on a pre-existing user. eg, when adding someone to the finance department, I can select someone else from the finance department to copy memberships from to get the new user into all the right groups. eg, it adds them to the SSO provisioning group for QuickBooks online, it adds them to both the finance and accounting SharePoint sites/teams.
It'd be swell if somehow it could also set allowed apps under license settings. EG, front line workers will have the same license as everyone else, but we don't want to give them SharePoint access at all, so we disable the SharePoint app under the license settings for that user. Doubt that can be done programmatically though.
From: KelvinTegelaar @.>
Sent: November 2, 2021 3:49 PM
To: KelvinTegelaar/CIPP @.>
Cc: Adam Thorn @.>; Mention @.>
Subject: Re: [KelvinTegelaar/CIPP] Feature Request: Extend on user templates #72 (Issue #124)
@scubes13https://github.com/scubes13 @zenmechanichttps://github.com/zenmechanic could you tell me a little more about how you'd see the templating feature work.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://github.com/KelvinTegelaar/CIPP/issues/124#issuecomment-958115720, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADH4YQJ6TRP6IWYWNOVAN5DUKA6EFANCNFSM5GXQJ6OA.
Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
@scubes13 commented on GitHub (Nov 2, 2021):
Very similar to what @zenmechanic shared. However, I'd like to create a template for the tenant (ie, Finance, Sales, etc) that would encapsulate these settings. Perhaps the creation of the template could be the result of copying settings from a selected user. However, every user might be different or carry multiple roles. So, while John Doe may be in Finance - perhaps they also have access to Sales (for whatever reason). Copying his settings might have negative consequences that we weren't aware of at the time (ie, access to things the new user should not inherit).
So, I think the better approach would be creating a template for the roles....
Items to consider... License(s), security groups, Teams/SharePoint, Shared Mailboxes, Distribution Groups(?)...
@KelvinTegelaar commented on GitHub (Nov 2, 2021):
Thanks, that already helps loads!
@TUCU-Adam commented on GitHub (Nov 2, 2021):
@scubes13 great point, I hadn't thought about role crossover.
I thought about truly templated users, but how do you hide the templated users from the associated groups. I can see the ongoing questions from every department head at every company "Who is this 'Template' person that can see the payroll reports".
Is it possible to hide the template users from all group memberships?
Or is it possible to add the templates to CIPP under the standards section and not looking up group memberships from a reference object (user template) but instead pulling it from settings that have been pre-configured.
-"Tenant Administration"
-"Standards"
-"Standard user roles"
-Select Tenant
-Select role
-Edit role
-"Add group memberships to role" ((pulls list of group names from tenant)) maybe split this between sec groups and SP/Teams groups as different dropdowns in case of large orgs with too many groups combined to effectively list in a single dropdown.
-"Add standard license settings to role"
-"More settings and stuff"
-"Save role"
** Write above settings as a static entry in CIPP (or as a SharePoint list in the customer or partner tenant) to be referenced in the user creation screen**
Then
-"Administration"
-"Users"
-"Add new user"
-"Select tenant" which populates the user templates created for the tenant in the standards section and reads the settings held in CIPP or the SharePoint list populated earlier. Multi-select for users that have more than one role.
Not sure how feasible, but this would be awesome.
Edit: Not sure if doable, but 'edit user' by selecting new role might be handy. Eg. if someone gets promoted internally and goes from say "Sales" to "Sales Manager" which gives them new access to a 'Management' group. Would you have to cycle through deleting them from existing groups and re-adding them to the prior groups and the new additional groups or can you run a diff/compare and leave current memberships intact and add new?
Not sure how that looks. Probably better to delete group membership entirely in case the move is to a completely different department. Eg. someone goes from 'sales' to 'software dev' teams. They shouldn't have access to any sales groups any more and a diff/compare would leave the old memberships intact while adding new 'software dev' group memberships.
Or perhaps there is a situation where they have a crossover roll during their transition from 'sales' to dev. The 'edit user' should remove the group memberships for 'sales' when de-selecting the old 'sales' role down the road when they fully stop being responsible for anything sales related. It should not however remove them from any manual group assignments, only the specifically defined 'role' group assignments.
@KelvinTegelaar commented on GitHub (Nov 3, 2021):
Moved to release 1.4, this will be one of the pillars for that release.