New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Org Admin Cannot Leave an Org #14153
Comments
Thanks for the issue, we will take it into consideration! Our team of engineers is busy working on many types of features, please give us time to get back to you. Feature requests that require more discussion may be closed. Read more about our feature request process on forem.dev. To our amazing contributors: issues labeled To claim an issue to work on, please leave a comment. If you've claimed the issue and need help, please ping @forem/oss. The OSS Community Manager or the engineers on OSS rotation will follow up. For full info on how to contribute, please check out our contributors guide. |
I tested locally, just to confirm there is a "normal" path to remove yourself from an organization you are the admin of. You can make another user an admin, and they can revoke your admin status (the remove from organization option appears after that's done). This requires two cooperating parties (any admin can revoke any other admin's status, any admin can remove any non-admin member). This seems to prevent the abandoning of an organization that would have no admin user through ensuring another admin is required to revoke admin privileges. Alternately: if you're not an admin you can leaveOnce someone else has taken your admin role away for the organization, you can leave since you're a normal user.It seems like transferring ownership of the organization currently requires the admin role recipient to release the previous admin's privilege, you can't blind transfer admin to another user (and you can only do this to an existing member of the organization, one that's signed up using the secret code already). Otherwise, not shown in the original screenshot - there is a "danger zone" for admin accounts that offers to permit deleting the organization (which will remove you from it as well) - you have to remove posts and other users first. |
This is great info to have handy here — thanks @djuber! This flow is actually pretty dang good as it requires an admin to find a new admin prior to leaving an org (unless the org is completely empty and they delete it). Maybe this should stay the same, but we could communicate this in the UX somehow or if not, at least in the FAQ on this page. For now, I'll update the FAQ, but I do think it's worth potentially thinking of a way to make the "normal path" more obvious to the user within the UX. |
Agreed - the idea is there's a hidden "org admin transfer" workflow that has to happen if the org is non-empty and you want to leave as an admin. Getting from "admin" to "not a member" required seeing this workflow in my head - it might be reasonable to add a description of this process to the "danger zone" (where the delete organization button and text is) in case someone is looking for the "leave organization" and doesn't understand why they don't see it. |
Totally @djuber... gonna leave this one here for a bit to think about. I've updated our FAQ for now and included a couple notes on how to remove yourself from an org and how to transfer an org: |
One thing that comes to mind... it'd be helpful if an org admin could remove their own status and leave an org so long as there is another org admin in place. |
I think the only danger there is the blind transfer, since the same admin that can "promote" a user to an admin can then leave the org, and the new admin account may or may not be active/willing/happy about that responsibility. The same argument I think holds for "if you're not the only admin, you should be able to leave the organization". I'm not convinced whether the desire to keep an active admin involved in each organization is an important enough goal to impede the user's desire to leave, and the worst case scenario is an organization is left without any responsible/active admin account and just drifts, which is likely what would happen if the current admin account didn't want to be involved any more and ignored it. |
Dang, you are so right! That said, shouldn't we potentially eliminate the ability for an org admin to grant another org member admin abilities without the member accepting this? Because to your point, currently a member can be made an admin and may not want that level of permission — just like they might not want the blind transfer.
I'm with you here... definitely considered the idea of just allowing an admin to leave an org admin-less. While it is a bit messy, I think the UX would improve to a degree — at least the person that wants to leave an org can do so. There are trade-offs either way... will continue to think about this. |
I'm so averse to leaving the org admin role empty, for some reason! It's a cross between not wanting Forem Admins to do more org admin than absolutely necessary, and not wanting to see orgs completely decay due to a lack of proactive membership maintenance. I do think that maybe a priority issue here is the fact that people can be made admins without opting in. Should we consider addressing that whilst brainstorming for the other (OG) one? |
I get not wanting to leave an org empty... definitely not ideal! I also feel like if an org admin wants to leave an org and can't figure out how (they don't realize they need to add a new admin to the org and then have the admin remove them as an admin) then they'll just stay in the org and ignore it or contact us and ask how they can leave. There's gotta be something we can do to make that a better experience for the user. I think I lean toward Dan's suggestion:
And agreed that we should make it so org admin have to accept that role! |
So I think an admin is able to delete the org if they are the last member of the org. I think that's the best way out for an admin looking to leave an organization, so that we aren't left with admin-less orgs. But yeah, as Dan said if the org does have other members they need to make an organization admin first before exiting. |
Describe the bug
Org admin don't have the ability to leave the organization that they are an admin for.
Expected behavior
Org admin should be able to leave an organization the same as a member. Maybe an admin should have to become a member prior to leaving an org or maybe an admin should be forced to recruit a new admin or delete their org in order to leave it.
Screenshots
Additional context
One reason why we may not want org admin to be able to easily remove themselves from an org is that it could be an abuse vector if someone creates a bunch of orgs and leaves them — they would be empty orgs. You could also end up with a situation where an org has no admin. Perhaps we should come up with a way to scan for admin-less orgs, so we could fix the issue by deleting the org or recruiting a new admin for it.
Related PR here - #9357
The text was updated successfully, but these errors were encountered: