Currently the system administrator role as full access to everything. As OpenOLAT grows up we need to separate the roles more precisely.
- The existing system administrator should be limited to open the administration site.
- The goal is to configure and monitor the system.
- The system administrator should not have access to business objects.
- This is a global role that is not tied to an organisation, it makes only sense on the default organisation
- The system administrator has access to the user management. He must be able to create a new user and assign roles to users. On the user however he only sees basic information an has no access to the users courses etc. (only if user manager)
- A new role administrator (*-manager/everything-manager/master-manager or whatever) is added.
- This new role can do everything that all the other managers can to. It is basically the old system administrator minus the access to the administration site.
- This new role can be restricted to an organisation
- (is this the line-manager?)