February 21, 2013 in Feedback
This past week I discovered that when restricted admins promote a new administrator the new administrator gets the admin permissions of the person who promoted them and not the permissions of the group they were placed into. I placed the quote from the ticket if you would like to read more at the bottom. I totally agree there needs to be some system in place so administrator rights are correctly given out and preserved, which I believe in its current state my not properly happen, so that brings me to my suggestion. Allow the ability to set weighted admin groups, where you can weight the admin usergroups so member of group A can place people an admin in any group below their set weight value and group B below them and so on. If weights are not set then it defaults to the current system.
Let me know what you guys think of this suggestion part of the transcript from the ticket is below.
Hello,If you yourself are a restricted administrator, when you promote another user to administrator status they automatically inherit your permissions. This is done on purpose to ensure that one administrator cannot promote another user to administrator and effectively give the new admin more permissions than the original administrator has.The only way to bypass this built in protection is to login to the ACP as an unrestricted administrator and promote other users to administrator under that account.For the existing admins you have promoted, you can go to the ACP Restrictions page and delete their per-user restrictions. This will cause them to automatically begin using the per-group restrictions you have set up.Thanks,Brandon FarberInvision Power Services, Inc.
I understand why this feature is in place. However because of this feature what it is trying to prevent can also happen. Say group A has the ability to make admins and you want them to be allowed to make members admins with permissions from group B which are more restricted permissions but now they have the permissionsset for the admin of group A and now can do more then they are supposed to.I guess my suggestion is maybe add a feature where you can weight the admin usergroups so group A can place people in any admin group below them and group B below them and so on. If weights are not set then it defaults to the current system.Thanks again for the help.
An alternative would be to grant the new admin the intersection of the current admin's set and the group they are being promoted into (for those who aren't familiar with the concept of intersection, the intersection of two sets A and B are all elements that occur in BOTH sets, so for example in a Venn Diagram the intersection is the oval in the center where the two circles overlap).For example, if the current admin has permissions A, B, D, E, F, and H and the new group has permissions B, C, D, E, F, and G, the new admin placed into the new group would have permissions B, D, E, and F. This would require minimal effort to implement in the current system (heck I could probably whip up a hook for it without too much trouble) as opposed to adding new UI bits and documenting the whole "weights" system in a way that is easy for board administrators to understand.
This topic is now archived and is closed to further replies.
Started 3 hours ago
Started April 24, 2015
Started September 9, 2016