N.B. After a brief conversation with Anarcat yesterday, I think this is dependent on #461840: type client/user relationships. Probably also Drush 4. Correct me if I'm wrong.
Use Case
Say I want to sell managed instances of Open Atrium, in a mass hosting environment. Once the site is created, the customer should have an account created with the "manager" role. The customer, in this case, should not have access to user 1 or the "admin" role.
Discussion
Using uc_hosting, I can have a customer purchase access to creating a site on an OA platform. Eventually uc_hosting ought to be able to #920790: (optionally) trigger site creation task as well, thus providing a "single-click site". So far so good...
Now the customer receives a welcome email prompting them to log in as user 1 (as well as the "login" link on the site page in Aegir, obviously). Ideally, there would be more flexibility here, which I think can be accomplished with the concept of a client type, as originally described here: #371769: allow for n to n and typed user/client relationships.
For example, I might like to have all user 1 logins restricted to a common "tech/admin" client, namely me. Customers could be assigned an "owner/user/whatever" client type that can then be mapped to a role available on the platform. In the case of Open Atrium, "manager" would be the appropriate role.
Comments
Comment #1
anarcat commented
I think this should be done with #899764: Taxonomy or role-based platform access control for site creation.