I'm deploying a multi-site instance of TYPOlight in an "enterprise" environment.
Each administrative website has its own virtual host and TL website root. Furthermore, each website has at least one "trustee" who is responsible for content maintenance.
Every trustee belongs to two user groups. The first is a generic group that defines what any trustee is allowed to do with TL, such as limiting access to certain content editors only as well as certain fields within said editors. The second group is specific to the website that trustee (or trustees, if there's more than one) is assigned to maintain. The site-specific group assigns page and file mounts as well as calendar, news and form usage rights.
No trustee has access to the Module and Page Layout editors. My team retains exclusive administrative rights to those.
Question is...
I've been approached by a trustee who would like to have more control over their site than the standard "trustee-type" privileges offer. Specifically, they're looking for access to the Module and Page Layout editors which TL does not natively extend user/group permissions to. So, my dilemma is that if I give this one trustee access to the Modules editor, I thereby give him access to every module that's been created system-wide--not just his own!
Without success, I've looked through the extension repository for something that will extend group permissions to Modules and Page Layouts. Have I missed something either in the repository or TL user group settings, or am I looking at a choice between writing my own extension versus setting this particular trustee power-user up with his own standalone copy of TL?
Bookmarks