A third party is requesting admin access. What's the best way to handle this safely?

Sort by date Sort by votes
They are saying I need to give them Super Admin Access... Yeah, not a fan of that. Is there a XenForo way to handle this type of request? It's a thirdparty Template that created a MySQL error. I'd love to get support but not at that cost...bummer.
 
Upvote -2 Downvote
You need to be the judge of who is trusted, or ask someone. For example, a developer may want to view something or test something, and they may be well known/trusted here, in which case this would not raise a red flag. EDIT: And see below as far a Super Admin.
 
Upvote 0 Downvote
There is no reason they would need super admin access.

The only additional permission super admins have is the ability to edit admins.

A regular admin account with the relevant permissions required for the access they need is sufficient.
 
Upvote 0 Downvote
Ok that's fair.
If anyone has a suggestion on how to handle this without providing Super Admin/Admin access, I'd be open to maybe testing it out.

Is there a setup where they can have SuperAdmin/Admin, if that's the only way, but still maintain system integrity?
Or provide permissions in a way where they only have access to Error Logs and the essentials to their task.
XenForo is so well developed, I thought they would have a solution for this one.

Or

Would a second instance be a way to go, like a Sandbox?
That would mean doubling everything I purchase and install.

Is anyone doing that?
What IDE are they using? So far I've heard PHPStorm.
Is this way too much?
 
Upvote 0 Downvote
Just provide a text copy of the error logs and templates to them.

Not sure why they need admin access to check those.

Or create a test installation - additional purchases aren't required for those for XF, and I doubt any third party add-on providers are any different.
 
Upvote 0 Downvote
I don't think it's to that level, they have around 1500 points in this Forum. I'm not going to say who. I think they were just trying to fix a problem. Moving forward having a test system makes the most sense for me and the type of person I am. I want to be able to test out different add-ons before putting them in a live org. Watching my forum completely shut down because of an addon gives you a little more perspective on best practices. Not sure how I'd react if that had happen with a full set of data and active users.

Thanks for the replies and the advice!
 
Upvote 0 Downvote
Damn...this thread is about to go sideways...please have patience with me and this post.

Ideally, if someone is facing the same issue:

My take away is I need a Test System set up so whoever gets access good or bad they are not exposed to everything.

Having a test system will allow me to test new development, especially if I have a mature system.

Also with a test system, I am more willing to hire a developer to build custom solutions on my platform.

Or I can just provide the logs and the 3rd party has to provide support that way.
 
Upvote -2 Downvote
elw323 said:
They are saying I need to give them Super Admin Access... Yeah, not a fan of that. Is there a XenForo way to handle this type of request? It's a thirdparty Template that created a MySQL error. I'd love to get support but not at that cost...bummer.
Click to expand...
Don't give them anything. They're potentially trying to hack your site.
 
Upvote 0 Downvote
elw323 said:
Damn...this thread is about to go sideways...please have patience with me and this post.

Ideally, if someone is facing the same issue:

My take away is I need a Test System set up so whoever gets access good or bad they are not exposed to everything.

Having a test system will allow me to test new development, especially if I have a mature system.

Also with a test system, I am more willing to hire a developer to build custom solutions on my platform.

Or I can just provide the logs and the 3rd party has to provide support that way.
Click to expand...
Don't provide anything to strangers.

They're going to stuff your forum around.
No need for it.

It's a safety thing rather than anything else.
 
Upvote 0 Downvote
aussiefooty said:
Read this thread https://www.theadminzone.com/threads/dealing-with-moderators-that-think-they-own-your-forum.150036/

This is something that could happen to your forum.
Click to expand...
Or your hosting location's infrastructure could catch on fire and burn.
Or an earthquake could level the building.
Or a tornado could take out the building.
Or a hurricane could cause massive flooding.

Once more.... due diligence required.
Simply take a backup of the entire site (DB and file structure) before allowing someone you are unsure of coming in and doing any work. That way if they do "stuff" your site... it's very simple to restore.

There are several participants here that I would have no issues with having access as an admin to my panel (many of them are long time developers). There's only one or two that I would grant shell access to my system (@MattW being prime amongst those).
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

NandorHUN
  • Question Question
XF 2.2 What's the best way to translate Xenforo in 2020?
Replies
8
Views
2K
ekempter
ekempter
NandorHUN
  • Question Question
XF 2.2 What's the best way to edit a BB code text?
Replies
1
Views
928
djbaxter
djbaxter
NandorHUN
  • Question Question
XF 2.2 I want to make a part of my forum private and make it "invitation only". What's the best way to do it?
Replies
4
Views
810
Paul B
Paul B
NandorHUN
  • Question Question
XF 2.2 What's the best way to manage two user groups in a forum? (Multiple solutions: which one is the best? )
Replies
7
Views
892
NandorHUN
NandorHUN
Lone Wolf
Adsense is heavy on page loading, what's the best way to implement it for lighter page loading?
Replies
8
Views
1K
Daniel Hood
Daniel Hood
Top Bottom