A few feature comments and question

Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here.
Forum rules
Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here. Feature requests are closed.
User avatar
nuclear_eclipse
Registered User
Posts: 36
Joined: Mon Apr 24, 2006 8:41 pm
Location: Rochester, NY
Contact:

Re: A few feature comments and question

Post by nuclear_eclipse »

They have, which is what the 'founder' tag is set for in a user's profile. Only founders can edit the permissions and status of other founders. That is unless I misunderstood what I read (somewhere, don't remember).

gutterballk7
Registered User
Posts: 30
Joined: Fri Oct 07, 2005 1:37 am

Re: A few feature comments and question

Post by gutterballk7 »

In your response to TwistedWeather's post... yes, they do have that founder status. Only founders can edit other founders.

However, my question revolves around the fact that a user should not be able to grant more powers than he/she already has - any "admin" given permission to edit groups for users could easily give his/herself more power.

I guess, if you want someone to be able to edit groups, maybe it's just better to make them a group leader for that group? Er... I don't know how they would manage that group without the ACP but... yeah.

I'm just saying, if you want a lower-level admin that could put people in a moderator group, he/she could easily give him/herself admin powers by editing his/her own group. Furthermore, even with the ability to grant admin permissions, then the user can give more permissions to his/herself. In general, no user should be able to make a user more powerful than what he/she currently is.

User avatar
nuclear_eclipse
Registered User
Posts: 36
Joined: Mon Apr 24, 2006 8:41 pm
Location: Rochester, NY
Contact:

Re: A few feature comments and question

Post by nuclear_eclipse »

I think the real point here is that if you are worried about a user giving themselves more power, they really shouldn't be part of your admin team. Do you really someone to be in charge of your system and its users if you can't even trust them to obey your limits?

gutterballk7
Registered User
Posts: 30
Joined: Fri Oct 07, 2005 1:37 am

Re: A few feature comments and question

Post by gutterballk7 »

nuclear_eclipse wrote: I think the real point here is that if you are worried about a user giving themselves more power, they really shouldn't be part of your admin team. Do you really someone to be in charge of your system and its users if you can't even trust them to obey your limits?
That is definately true, and I have thought of that same theory myself. However, an interesting story I have. The site I am an administrator on - well, I basically came out of nowhere, and within 2 months, I was an admin with the server password. Why? Because I apparently had good intentions and the admin trusted a person he didn't know.... and we kinda continued doing that. I could have been some internet "wacko" that just wanted to destroy.

Yes, you should be able to trust your admins to be better than that. But who says one can't go corrupt one day? For now, we will run off of trust, but it is just an idea.

User avatar
Lastof
Registered User
Posts: 518
Joined: Wed Mar 17, 2004 8:10 pm
Location: Two weeks last wednesday
Contact:

Re: A few feature comments and question

Post by Lastof »

If they didn't have access to (individual user) permissions you could specifically set certain permissions as "No", hence preventing them from using such options even if they have the permission set to yes elsewhere.

However, this is still setting permissions for your admins individually, which isn't an optimal soultion. But I can't think of another method.
Last edited by Lastof on 04 May 2008, 00:00, edited -1 times in total
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Look, I'm officially not a bug!!
SHS`: "Oooh Bertie, spank me with that casing stick, spank me spank me spaaaaannnnk mee!"
Image

Martin Blank
Registered User
Posts: 687
Joined: Sun May 11, 2003 11:17 am

Re: A few feature comments and question

Post by Martin Blank »

nuclear_eclipse wrote: I think the real point here is that if you are worried about a user giving themselves more power, they really shouldn't be part of your admin team. Do you really someone to be in charge of your system and its users if you can't even trust them to obey your limits?
I do trust my admins, but gutterballk7 does raise a good point. No one should be able to escalate permissions to a higher level than themselves. This is a tenet of good system design.

Perhaps there should be another permission set only for groups which determines whether users who are not admins of that specific group should be able to edit the memberships. This way, the board owner could designate the Administrators group as editable only by himself, or by whomever is marked as a group admin. It could even be hard-coded for that particular group, though I can see where it would be useful in groups that are provided moderating powers as well.
You can never go home again... but I guess you can shop there.

User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: A few feature comments and question

Post by EXreaction »

Ok...I was just playing around with this myself...and the only way for an admin to give himself more admin permissions is if you set Can alter admin permissions to yes...thats the only way they can do it...it should be that a person can only edit a permission level lower than their own(founder-admin, admin-mod, mod-user)...OR atleast give a major warning when someone tries to set it so they can alter their own permissions at that level.

We need someone in here that works on it...they definatly need to do something with this...

Martin Blank
Registered User
Posts: 687
Joined: Sun May 11, 2003 11:17 am

Re: A few feature comments and question

Post by Martin Blank »

Did you try having someone with group-altering permissions but not in the Admins group add himself to the Administrators group?
You can never go home again... but I guess you can shop there.

User avatar
Lastof
Registered User
Posts: 518
Joined: Wed Mar 17, 2004 8:10 pm
Location: Two weeks last wednesday
Contact:

Re: A few feature comments and question

Post by Lastof »

It's definatly possible via groups.

I agree that there should be a setting on groups that either makes it so that only the group leaders of that group, or maybe that only the group leader and/or founders can change who is in the group.
Last edited by Lastof on 04 May 2008, 00:00, edited -1 times in total
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Look, I'm officially not a bug!!
SHS`: "Oooh Bertie, spank me with that casing stick, spank me spank me spaaaaannnnk mee!"
Image

Graham
Registered User
Posts: 1304
Joined: Tue Mar 19, 2002 7:11 pm
Location: UK

Re: A few feature comments and question

Post by Graham »

You do realise that what you are suggesting is already possible - admin permissions are granular so if you don't want anyone other than the group leader(s) altering the membership of groups you just don't give people admin access to the groups and just make them leader of the groups you want them to manage. Remember a group can have more than one leader....
"So Long, and Thanks for All the Fish"

Graham
Eeek, a blog!

Post Reply