I’m working on a tutorial for hiding Top Menu items in the Manager and have run into an issue that involves custom permissions for admin users.
I’m assuming that the Administrator Policy and Policy Template might be overwritten on upgrade. One way of adding a safe custom permission would be to duplicate the AdministratorTemplate, add the custom permission to it, and create a duplicate of the Administrator Policy based on the duplicate template. This is no longer possible, since you can’t change the template of the Administrator policy.
I can create a new policy based on the duplicate template, but that would mean two Administrator ACL entries with 130 Permissions, which seems like it would slow things down significantly (and I can’t delete the original mgr/Administrator Context Access ACL entry).
I can create a new policy template with the single custom permission, base a policy on it, and create a mgr Context ACL entry for the Administrator group with that policy, but it seems it would be more efficient to just have the custom permission added to the main mgr Context ACL entry for Administrators.
My question is: Will the standard Administrator policy and policy template remain uneditable and will the original ACL entry remain undeletable? I can see the sense of that, but I need to know for sure (and do some more rewriting of the book
).