I see. We’re launching a global game-server (think Steam games like DayZ, Rust, FiveM, etc.) monetization platform through Stripe Connect, and we only onboard the server owner onto the Strapi instance with the Editor role.
Game-servers usually have plenty of administrators that contribute to all aspects of their community, including their (potential) websites. We’re currently in the beta phase with 10 active instances, and have already had many requests for additional contributors to be added to their CMS instances.
We, as the platform facilitators, have to go into their instance and add every additional Author/Editor manually - as the initial Editor definitely can’t be trusted with the permission to create or invite users. This would be okay if Super Admin wasn’t made available to them.
We’ve considered the following:
- Generating a generic (service) admin email address with strong password that they can share. Insecure, invalidates sessions, and all-around not a viable solution.
- Intercepting incoming requests that try to invite a new user with the Super Admin role on the web-server level, and rejecting the request altogether with a 403 states. This works, but the user-feedback is obviously lacking in this approach.
- Having an automated ticket panel on the service website and Discord server, that collects the required information and only allows Author and Editor to be chosen for roles. This sounds fine in practice, but we haven’t checked if this (inviting users through the API) is possible yet.
We would definitely appreciate any additional insights you can offer 