ROOT Admin Permissions

[Logan]

Hello,
I know this has been suggested before but I just want to explain why it is so important.
Imagine you had like what IPS has , IPS Management is the root admin group. Ok, But say they had a few members they didn't want to access a few things. The reg. key, SQL Toolbox etc... So you make a whole new group called Co-Management. Why? What would be the point. So what I am trying to say is, We need to set specific user-based permissions for ROOT admin group users. The main account like the first one, if possible. Set it as it has ALL permissions and no one else can edit it.

Being able to customize the root admin users permissions individually via their user profile would be a good, what sections they can and cannot access. Also make it so they cannot edit their own permissions? I think we need to have some kind of ONE main root user that no other root admin can edit and their settings cannot be over ridden? I don't know. You get my point somewhere in that ramble :)

Thanks

[Jasonawojo]

Anyone in the root admin group can access the SQL but I agree that we should be able to define Admin rights and I believe that Matt said this feature would be included in an post-final version of IPB 2.0.

[-Strider-]

theres a mod like this for ipb 1.3 at invisionize.com, i think its called 'special administration.

[Logan]

A 1.3 mod would be no good to me. As I use 2.0.0 final. But yes, comprehensive administration rights would be good. As I do not want everyone to have the key to the forum, or change security/privacy settings etc...

[elj]

I know this has been requested before, and hope it makes it into the next release.

The best way to do this would be a tree-map with check boxes, to allow them to see entire categories, or just certain parts.

[Wolfie]

Might be a better concept to have an Admin CP, as it is now, and then a CoAdmin CP, where there would be a limited number of sections..

Managements sections for Forums, Users, Skins, Emoticons & some of the more common/needed configuration options... Using a tree map would be a definite plus..

Configuration []On []Off
| Board status []On []Off
| etc
Forums []On []Off
| Add/Manage Forums []On []Off
| Moderators
| Permission Masks
Users
(etc etc etc)

Obviously you wouldn't want the user to be able to alter their own account, but to take that a step further, flag wether or not they can grant access to the Co-AdminCP, and if so, can only grant access to the same functions that they can access (so they can't grant someone higher access).

Would be a definite improvement towards having staff who can set up forums without going to a single admin, and obviously the fewer people who have full access, the better.

If nothing else, at least locking the primary account from any editting (ie, cannot be "demoted" nor deleted, and another account cannot change the password nor the email, etc)..

[TheProphet]

I really like Dacity2's idea, that would be somthing I'm looking for.

[.Daniel]

It definatly sounds good

[MWTeddy10]

I am waiting since 1.3 for this option. I hope it's comming soon. We have an IP department who can only take care of the hardware and environment but not the board contens. For that, we have 5 different Admins and all with the rights to kill the board. Hopefully nobody is doing a mistake......

[Mark_H]

It's pretty crude but the way I stop it at the moment is just putting a member id block inside the functions that I want to protect. For example in ad-mysql.php I just modified the root admin check to

  // Make sure we're a root admin, or else!

  

  if ($ibforums->member['id'] != '1')

  {

 	 $ibforums->admin->error("Sorry, these functions are for the site owner group only");

  }

It gets the job done for now when I don't want someone downloading all my customised systems from the db ;)

[Logan]

OR... with the current settings that are available. If you make another group with admin permissions, of course not ROOT only allowed one ROOT group. They already have blocked off stuff. That is efficient, so why not tweak the code heavily, to allow two admin user groups to co-exist with the same name? One Admin ROOT and one normal Admin(with current non-root restrictions). I think that is sufficient, not sure if possible though.

[Jamer]

OR... with the current settings that are available. If you make another group with admin permissions, of course not ROOT only allowed one ROOT group. They already have blocked off stuff. That is efficient, so why not tweak the code heavily, to allow two admin user groups to co-exist with the same name? One Admin ROOT and one normal Admin(with current non-root restrictions). I think that is sufficient, not sure if possible though.

<{POST_SNAPBACK}>

No this is not enough because that user can still delete the root admin, i know becuase i have tried it.

[gusto5]

really? i cant seem to be able to do it. Btw, this is for version 2.0.0

[RavenRaz]

I think it should be as flexible as possible because different sites need different permissions.

I like the idea of the check boxes so that you can tailer the permissions fully to your boards needs.

[Sire]

i could use this too.