A third party is requesting admin access. What's the best way to handle this safely?

They are saying I need to give them Super Admin Access... Yeah, not a fan of that. Is there a XenForo way to handle this type of request? It's a thirdparty Template that created a MySQL error. I'd love to get support but not at that cost...bummer.
 
You need to be the judge of who is trusted, or ask someone. For example, a developer may want to view something or test something, and they may be well known/trusted here, in which case this would not raise a red flag. EDIT: And see below as far a Super Admin.
 
There is no reason they would need super admin access.

The only additional permission super admins have is the ability to edit admins.

A regular admin account with the relevant permissions required for the access they need is sufficient.
 
Ok that's fair.
If anyone has a suggestion on how to handle this without providing Super Admin/Admin access, I'd be open to maybe testing it out.

Is there a setup where they can have SuperAdmin/Admin, if that's the only way, but still maintain system integrity?
Or provide permissions in a way where they only have access to Error Logs and the essentials to their task.
XenForo is so well developed, I thought they would have a solution for this one.

Or

Would a second instance be a way to go, like a Sandbox?
That would mean doubling everything I purchase and install.

Is anyone doing that?
What IDE are they using? So far I've heard PHPStorm.
Is this way too much?
 
Just provide a text copy of the error logs and templates to them.

Not sure why they need admin access to check those.

Or create a test installation - additional purchases aren't required for those for XF, and I doubt any third party add-on providers are any different.
 
I don't think it's to that level, they have around 1500 points in this Forum. I'm not going to say who. I think they were just trying to fix a problem. Moving forward having a test system makes the most sense for me and the type of person I am. I want to be able to test out different add-ons before putting them in a live org. Watching my forum completely shut down because of an addon gives you a little more perspective on best practices. Not sure how I'd react if that had happen with a full set of data and active users.

Thanks for the replies and the advice!
 
Damn...this thread is about to go sideways...please have patience with me and this post.

Ideally, if someone is facing the same issue:

My take away is I need a Test System set up so whoever gets access good or bad they are not exposed to everything.

Having a test system will allow me to test new development, especially if I have a mature system.

Also with a test system, I am more willing to hire a developer to build custom solutions on my platform.

Or I can just provide the logs and the 3rd party has to provide support that way.
 
They are saying I need to give them Super Admin Access... Yeah, not a fan of that. Is there a XenForo way to handle this type of request? It's a thirdparty Template that created a MySQL error. I'd love to get support but not at that cost...bummer.
Don't give them anything. They're potentially trying to hack your site.
 
Damn...this thread is about to go sideways...please have patience with me and this post.

Ideally, if someone is facing the same issue:

My take away is I need a Test System set up so whoever gets access good or bad they are not exposed to everything.

Having a test system will allow me to test new development, especially if I have a mature system.

Also with a test system, I am more willing to hire a developer to build custom solutions on my platform.

Or I can just provide the logs and the 3rd party has to provide support that way.
Don't provide anything to strangers.

They're going to stuff your forum around.
No need for it.

It's a safety thing rather than anything else.
 
Or your hosting location's infrastructure could catch on fire and burn.
Or an earthquake could level the building.
Or a tornado could take out the building.
Or a hurricane could cause massive flooding.

Once more.... due diligence required.
Simply take a backup of the entire site (DB and file structure) before allowing someone you are unsure of coming in and doing any work. That way if they do "stuff" your site... it's very simple to restore.

There are several participants here that I would have no issues with having access as an admin to my panel (many of them are long time developers). There's only one or two that I would grant shell access to my system (@MattW being prime amongst those).
 
Back
Top Bottom