Who can get Admin Status for the service Voluntarily.NZ?

Criteria for SysAdmin status

• Must be an employee of Voluntarily.NZ.

• Must be technically capable and understand the privileges granted.

• Must be approved by Platform Technical Lead or Senior management staff.

Identifying System Administrators

• Account profiles show Administrator in the roles list.

• When signed in as a system administrator the web user interface is highlighted to ensure people are aware of their raised privileges. https://voluntarily.atlassian.net/browse/VP-1424

• API call Listing admins id, name and email. - requires a list people permission.

Admin Rights

If you have Admin status on Voluntarily you have these abilities:

Client Interface

• Footer - shows menu to admin page and other entity pages.

• MemberSection - Admins and orgAdmins see the member table of an organisation

• adminPage - access to any page wrapped in the adminPageHOC

• ActDetailPage - owner, OrgAdmin and Admin can edit the Activity

• OpDetailPage - owner, OrgAdmin and Admin can manage the Opportunity: edit, manage interested volunteers, complete and cancel

• OrgDetailPage - OrgAdmin and Admin can edit the organisation

• OrgDetailForm - Only Admin can edit the organisation category. category cannot be set to Admin except through db config. Orgs cannot make themselves Admin OP or AP and they are VP by default. A system Admin must edit the organisation to make them a school or Activity provider based on a formal request. or they are onboarded into that mode directly.

• OrgListPage - Create Organisation button.

• PersonDetailPage - Admin has newPerson Edit, Remove & ShowPeople buttons.

Admin Pages

• admin/invite-school

• admin/goals

API

Admins can

• list/get all entities

• create/update all entities

• delete all entities

• carry out OrgAdmin functions for all organisations

• carry out owner functions for activities and opportunities

• view and modify person record

Admins cannot

• no current restrictions

Enabling Admin Role

To be an admin you must have role = [Role.ADMIN] set in your Person record or be a member of an org with the Admin (AGENCY) Category.

When a new platform is deployed the first system admin must be created in the database by a person with existing DB access permissions. (i.e. A person with permission to access the Voluntarily Password management system). This person can then create the admin organisation and add further members.

Explicit Admin role

When a person first signs in they are given the default ‘volunteer’ role.

The admin role cannot be set through API PUT calls as the field is deleted before save.

Admin role can be set by direct editing of the person record in the database. This allows devs to set their admin status directly. It also allows the first administrator to be created in a new deployment by someone with database access.

x/db/make-admin.js (Give a person the "admin" role)

However subsequent administrators should have their role set by membership of an admin organisation. This makes it easier to add and remove new admins.

Implicit Admin role

People inherit their role and access permissions from the organisations they belong to. Hence an org with ‘admin’ category has members who will have the admin role. This allows us to create an org for ‘voluntarily support’ and to manage people in this role without needing database access.

Note to get admin role you must be a MEMBER of and not ORG_ADMIN of the admin org.

Setting the category of an organisation can only be done by an existing admin. Hence only an existing admin can create a new admin organisation. https://voluntarily.atlassian.net/browse/VP-1110