Managing power-users in a multi-site instance

[vincent]

I'm deploying a multi-site instance of TYPOlight in an "enterprise" environment.

Each administrative website has its own virtual host and TL website root. Furthermore, each website has at least one "trustee" who is responsible for content maintenance.

Every trustee belongs to two user groups. The first is a generic group that defines what any trustee is allowed to do with TL, such as limiting access to certain content editors only as well as certain fields within said editors. The second group is specific to the website that trustee (or trustees, if there's more than one) is assigned to maintain. The site-specific group assigns page and file mounts as well as calendar, news and form usage rights.

No trustee has access to the Module and Page Layout editors. My team retains exclusive administrative rights to those.

Question is...

I've been approached by a trustee who would like to have more control over their site than the standard "trustee-type" privileges offer. Specifically, they're looking for access to the Module and Page Layout editors which TL does not natively extend user/group permissions to. So, my dilemma is that if I give this one trustee access to the Modules editor, I thereby give him access to every module that's been created system-wide--not just his own!

Without success, I've looked through the extension repository for something that will extend group permissions to Modules and Page Layouts. Have I missed something either in the repository or TL user group settings, or am I looking at a choice between writing my own extension versus setting this particular trustee power-user up with his own standalone copy of TL?

[ga.n]

Every trustee belongs to two user groups. The first is a generic group that defines what any trustee is allowed to do with TL, such as limiting access to certain content editors only as well as certain fields within said editors. The second group is specific to the website that trustee (or trustees, if there's more than one) is assigned to maintain. The site-specific group assigns page and file mounts as well as calendar, news and form usage rights.

I've been approached by a trustee who a're looking for access to the Module and Page Layout editors which TL does not natively extend user/group permissions to. So, my dilemma is that if I give this one trustee access to the Modules editor, I thereby give him access to every module that's been created system-wide--not just his own!

so the question is *why* they want to access to the Module and Page Layout? What are their needs? Customize 'sections' (left,right,header,footer,custom) content?

[vincent]

so the question is *why* they want to access to the Module and Page Layout? What are their needs? Customize 'sections' (left,right,header,footer,custom) content?

The vast majority of websites are straight-forward: content in the back and content out the front, with "trustee" permissions providing ample features and control.

Of those that don't fit the "trustee" type, some want additional control for political reasons while others have a legitimate need additional control because certain legitimate aspects of their site extend beyond the boilerplate design and feature set that's made available to them as a common trustee user.

It is this latter group I'd like to be able to accommodate without installing a standalone copy of TL for each.

[ga.n]

Of those that don't fit the "trustee" type, some want additional control for political reasons while others have a legitimate need additional control because certain legitimate aspects of their site extend beyond the boilerplate design and feature set that's made available to them as a common trustee user.
It is this latter group I'd like to be able to accommodate without installing a standalone copy of TL for each.

I am suggesting you to "isolate" the needs in a pratical way. I guess that you can't give us more details but these informations don't help us to help you. What are these "legitimate aspects"? Can't you create a separate group that extend the trustee user? If not why?