Recently at work we hit an issue where we needed access to a historic customised Facebook page. We had access to the code, but no access to the admin section of the Facebook App.
I am sure we aren’t the only company this has happened to, so I figured I would write some thoughts on how I think this should best be handled. For the sake of brevity I will only discuss how developers should be managed; I will ignore testers and anyone else for now. I will also only be talking about looking after the Facebook App on Facebook, not the development work behind the scenes.
Facebook Apps carry with them the notion of roles. Currently there are 5 of them, which you can read more about in the Application Security section of the Facebook Developer Documentation. For the purposes of what I am discussing today we are only really interested in the Administrator role and the Developer role.
The difference between these roles is basically that Developers can’t add others to the App or reset / delete information about the App, whilst Administrators can.
The other thing that Facebook Apps carry with them is a (new) notion of Groups. This allows you to assign multiple users to a group and then assign the group to specific roles within the App.
Armed with these ideas my solution is very simple. First you need to set up two groups:
- Senior Developers
- Developers
Unless you have a massive development team I would suggest keeping the Senior Developer group for one or two people who will be in charge of creating new Facebook Apps and administering them. They don’t even need to be technical people, but I think they should be someone who it is generally accepted has a long future with the company.
All other developers that need to look at Facebook Apps should go into the Developers group (including anyone listed as a Senior Developer).
Then for each App you should assign the Senior Developer group the role of Administrator, and the Developer group the role of Developer. Facebook requires that at least one actual person be kept as Administrator; I would suggest maybe a business manager role for this.
So long as both groups are kept up to date, administering the access of individual Apps will be a breeze: just add new developers when they join and remove them when they leave. The Senior Developer role is slightly trickier, only because if you have two and they both leave around the same time you will need someone outside of the ‘Facebook team’ to remind them to appoint new users to the group.
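A periodic check of this scheme can catch an App drifting back into the orphaned state described at the start. The following is an added example, not part of the original post: the data layout, app names and people are all constructed, and it assumes you keep your own record of group membership, per-App role assignments and current staff rather than reading them from any Facebook API.

```python
# Added example: audit a constructed record of groups and App roles against
# the two-group scheme. Nothing here calls Facebook; the layout is assumed.
SENIOR, DEVS = "Senior Developers", "Developers"

def audit(groups, apps, current_staff):
    """Return a list of (scope, finding) for deviations from the scheme."""
    findings = []
    # Every Senior Developer should also be in the Developers group.
    for person in sorted(groups.get(SENIOR, set()) - groups.get(DEVS, set())):
        findings.append((SENIOR, f"{person} is missing from {DEVS}"))
    for name in (SENIOR, DEVS):
        members = groups.get(name, set())
        # Leavers must be removed from the groups.
        for person in sorted(members - current_staff):
            findings.append((name, f"{person} has left but is still a member"))
        if not members & current_staff:
            findings.append((name, "no current staff in group"))
    for app, roles in sorted(apps.items()):
        admins = roles.get("Administrator", {})
        if SENIOR not in admins.get("groups", ()):
            findings.append((app, f"{SENIOR} group is not Administrator"))
        if DEVS not in roles.get("Developer", {}).get("groups", ()):
            findings.append((app, f"{DEVS} group is not Developer"))
        # The one actual person kept as Administrator must still be on staff.
        if not set(admins.get("people", ())) & current_staff:
            findings.append((app, "no current individual Administrator"))
    return findings

# Constructed sample data: bob and dave have left the company.
GROUPS = {SENIOR: {"alice", "bob"}, DEVS: {"alice", "carol", "dave"}}
STAFF = {"alice", "carol", "erin"}
APPS = {
    "Campaign Page 2010": {
        "Administrator": {"groups": [], "people": ["bob"]},
        "Developer": {"groups": [DEVS], "people": []},
    },
    "Store Locator": {
        "Administrator": {"groups": [SENIOR], "people": ["erin"]},
        "Developer": {"groups": [DEVS], "people": []},
    },
}

if __name__ == "__main__":
    for scope, finding in audit(GROUPS, APPS, STAFF):
        print(f"{scope}: {finding}")
```
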
That is really all there is to it. Would love to hear your thoughts on how you manage it yourself.
Last edited 18/10/2011
Added in information about needing one actual user in the admin field.