Text only | Text with Images

VirtueMart Forum

VirtueMart 2 + 3 + 4 => General Questions => Topic started by: super_dave on September 16, 2014, 06:32:18 AM

Title: Allowing backend access
Post by: super_dave on September 16, 2014, 06:32:18 AM
Hello,

I apologize in advance for the newb question, but I tend to keep backend access to myself on any site I've ever made.

I'm having issues with a payment gateway module (don't want to disclose which one yet, the programmer is offering support and I'll give a review after the issue is resolved or not) and the programmer requires FTP and backend access.

It goes without saying I'm backing up a restore point to the database prior to adding the new user.

What level of access do I give the programmer in order for them to access the payment plugins required and complete their job, but so I don't lose access to the backend myself? Of course everything could be restored should they become malicious but that's a pain in the butt. Also is there a way to limit their access to only the payment plugin, and virtuemart plugin or would it be better advised to give them super user status?

Could a super user give me the boot as admin?

Yes, I'm ultra paranoid ;).
Title: Re: Allowing backend access
Post by: super_dave on September 16, 2014, 08:20:37 AM
All right,  I've created a user in the administrator group, and have given the group permission in Virtuemart to;

Configure: Allowed
Access Admin Interface: Inherited

Would that do the job? Seems to give them access to what they'd need. Gotta admit I don't like that they can fiddle with modules and settings, but at least the don't have access to the config.
Title: Re: Allowing backend access
Post by: jenkinhill on September 16, 2014, 10:34:56 AM
You have to trust a developer who is helping out - if you don't trust them then do not give them any access at all. For most support jobs we take on we do require superuser access, and either eXtplorer to be installed on the site or ftp access.

Yes, a superuser can take over a site. You should make a full backup of the site and make sure that the backup works before allowing anyone else to have access. Then if you need reassurance you could do a full file comparison of before & after.

Also as a superuser, there is full access to your customer and order data......
Title: Re: Allowing backend access
Post by: super_dave on September 17, 2014, 00:03:24 AM
Thanks Jerkinhill, you're truely helpful :D.

I've given permission in Virtuemart to the admin group to only see and edit the payment mods, everything else is locked down. Thanks for pointing that out.
Text only | Text with Images