docs(admin): Bring Administration privileges chapter up-to-date

* Update to match current implementation's title in `server` * Tidy up/expand the instructions a bit * Split into Introduction + Usage section * Update screenshot Signed-off-by: Josh <josh.t.richards@gmail.com>
2026-03-27 13:38:39 +07:00 · 2024-04-05 10:30:12 -04:00
parent 97320d8c39
commit e6dc9b7193
2 changed files with 36 additions and 19 deletions
--- a/admin_manual/configuration_server/admin_delegation_configuration.rst
+++ b/admin_manual/configuration_server/admin_delegation_configuration.rst
@@ -1,27 +1,44 @@
-=====================
-Admin right privilege
-=====================
+======================================
+Administration privileges (Delegation)
+======================================

-By default only members of the admin group can access and edit the admin
-settings. It is sometimes needed to give some group of users access to a
-setting page while not giving them access to everything. For this you can
-use the *Admin right privilege* settings.
+Introduction
+~~~~~~~~~~~~

-.. note::
-  Not every setting pages support this features. This is due to either the
-  feature not being implemented yet for the specific setting page or due
-  to possible privilege escalations.
+Nextcloud has built-in functionality which permits administrators to delegate authority 
+to others without granting them full administration privileges (and without making 
+them a member of the ``admin`` group). 

-Configuring Admin right privilege
-=================================
+This administration privilege delegation functionality is supported by many shipped and 
+ecosystem apps that have their own settings areas under *Administration settings*.

-Go to the *Admin right privilege* Admin page, you should be presented
-with the list of settings that support this features.
+.. note:: If you're an app developer and would like administrators to be able to utilize this
+  functionality for your app, you need to enable support for delegation of your settings (see 
+  the Developer Manual for specifics).
+
+.. tip:: Delegation of user management isn't handled here, but through the use of 
+  :doc:`Group Administrators <../configuration_user/user_configuration>`.
+
+Usage
+~~~~~
+
+By default only members of the ``admin`` group can access *Administration settings*. You can 
+create additional user groups (or use existing ones) and then grant these groups access to specific 
+settings.
+
+While logged in to an account that is a member of the ``admin`` group, go to 
+*Administration settings* -> *Administration privilege*. You will be presented with the list of 
+settings pages and sections, including for any installed apps, that support delegation.

 .. figure:: images/admin-right.png

-By clicking on the combobox, you will be able to choose which user groups
-are able to access the selected setting. You can revoke the access at any
-time by removing the group from the selection.
-
+By clicking on the combo box, you will be able to choose which groups are able to access the 
+selected settings. You can revoke access at any time by removing the group from the selection 
+(or, if you wish only to revoke access for an individual account, by removing that account from 
+the configured group).

+.. tip::
+  Not every settings page or section supports delegation. This is either because delegating 
+  access to that particular settings page would enable privilege escalation (i.e. bypassing 
+  of the limited administration authority) or delegation has not yet been implemented for 
+  that specific settings page or app.
--- a/admin_manual/configuration_server/images/admin-right.png
+++ b/admin_manual/configuration_server/images/admin-right.png