Where have domain administrators gone?

[HostaHost]

So a feature that has been in Plesk for oh, maybe about seven years, has disappeared; the Domain Administrator. This was a handy tool you could click a couple times and give someone access to manage certain aspects of just one domain on a particular server without seeing or knowing anything else about any other domain on the server.

In 10, that is gone. Now you have to create a User on the Users tab and give them a pre-set number of rights. However, every single choice you have gives the person the ability to view every domain on the server and every user account and email address that exists within those other domains.

 

[IgorG]

Reasons why Domain administrator feature has been dropped are described in "New Features in Hosting Management" here - http://download1.parallels.com/Plesk/PP10/10.2.0/Doc/en-US/online/plesk-whats-new/

 

[HostaHost]

That's great, thanks for keeping those of us operating hundreds of pre-version 10 servers in mind since now we have no way to upgrade other than to tell our customers, hey, why don't you create a 'customer' for every single domain on every single server you utilize.

 

[HostaHost]

I should also note that this presents a security issue and is incompatible with the Plesk Billing software; assuming people using it actually want to get paid. Here's why:

The current version of Plesk Billing will not provision reseller accounts. This means if we want our customers to actually pay us for the subscriptions they have, which we would like them to do since we're a web hosting company and that is how we derive our revenue, our ONLY option is to create them as a "Client" and only give them access as a Client. If they are a client, obviously they cannot create other clients, which means there is no way for them to create an account for someone who can only manage one domain while not seeing the other domains, the other domains' users, the other domains' email accounts or any other information they should not have possession of. If they are a reseller or admin, they can create as many subscriptions as they want without being billed for them since they can avoid having to use the billing interface or go through us.

Or what if a customer needs third party assistance on one domain? If they're a client, they can't do anything without giving that third party an account that lets them see every other domain on the server, every email account on every domain on the server, every other user on every other domain on the server; does that sound secure? If they're a reseller, they'd have to create a new client account, take the domain out of one client account and move it to another, which will cause the site to have an outage since the IP address is stuck with the old client account, let this third party work on it and hope they do not utilize the additional rights a client account has to give themselves more access to the server than they should have, such as shell access (which domain administrators can be prevented from changing), then when they're done, take another outage while moving the domain back to the previous client and then changing the IP again? That would require at least five to ten minutes of work and two outages to accomplish less than the 20 seconds creating a domain administrator would have accomplished.