Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted March 11, 201311 yr I just found out tonight this could be done and kind at a loss as to why this could ever happen. The older software would not allow it but members with Admin cp access can delete member number 1 now unless you put in place admin restrictions which restrict them from accessing any members period. I have not changed any permissions in my groups since the upgrade and now 5 people can delete my account where they could not even access my account in the old software admin cp. Now I have the exact same group setting and permissions as was on the 2.3.6 software. We "site owners" need to have other members that can access and help out with the forum, but no one should have the ability to delete member number 1. Just found out here with this request for modification that admin cp access could delete member number 1: No Member #1 Deletion IPS this needs to be placed on a very high priority list to safe guard the site owners.
March 11, 201311 yr I just found out tonight this could be done and kind at a loss as to why this could ever happen. The older software would not allow it but members with Admin cp access can delete member number 1 now unless you put in place admin restrictions which restrict them from accessing any members period. I have not changed any permissions in my groups since the upgrade and now 5 people can delete my account where they could not even access my account in the old software admin cp. Now I have the exact same group setting and permissions as was on the 2.3.6 software. We "site owners" need to have other members that can access and help out with the forum, but no one should have the ability to delete member number 1. Just found out here with this request for modification that admin cp access could delete member number 1: No Member #1 Deletion IPS this needs to be placed on a very high priority list to safe guard the site owners. For every single IPB ACP Members restriction there is an additional restriction for the same, as a separate option specifically for managing users with acp access... also, member with member_id of 1 is not necessarily even an admin account, or existing, site owner may be another member made later, with the installation account retired or removed. Tools already exist in the software to do this.
March 11, 201311 yr Author I understand, but that defeats the purpose, so you are either going to have to remain in a separate group all the time or add those restrictions to all your admin when the simplest fix is to not have such loose permissions in the admin cp or the forum to be quite honest. Why did you not have to use and seek out suck restrictions with the old software? Why were apps and user groups better regulated with the older software than now? Change is great when it is for the best or benefits and these loose permissions are not the best by any means.
March 11, 201311 yr There is not really any significance with ID #1 with the newer versions apart from that was probably the one used to initially run the installer. :smile: The newer versions offer a lot more flexibility in restricting admins into what they can / cannot do too. Does sort of raise a question of allowing ACP access on your board to those who you would be concerned would actually delete your account too ?
March 11, 201311 yr Author I am not arguing about who you should trust and who you should not trust, that is the key and #1 priority in my book, however you know as well as anyone Andy what I am saying about the old software is true and you did not have to group restrict everyone. My old software I had it where the default Administrator group was the king if you want to call it and called it Administrator Root no ne could touch or edit the one account in there which I left it that way encase somehow my account was hacked I could override the hacker and take back my account. Then I had another group called Administrator which could do everything except edit anyone listed in the Administrator Root group this was a group created and by default it could not touch the original administrator group, heck it could not even edit anyone in the Administrator Root group. Then the Admin group I created since I wanted that group to have permissions so they could ban, etc and yes had they had restrictions keeping them out of the skins, task manager, and logs, but this group could pretty much do anything. With the new software those permissions went by the way side and if you have access to the admin cp and can manage members you can nuke who you want unless you set up and go through all of restrictions like Marcher pointed out and unless I set myself in a group all by myself I am restricted as well. I should not have to venture off or create another group to have the same protection I did with the older software. Now while we are on permissions all IPS apps use the default board setting for moderator rights?? If I want to dictate specific groups to have moderating group it the gallery per say, that should be my right as the board owner, not have everyone I want as a super moderator on the forum automatically have super moderator powers in the gallery, calendar, chat, what ever else is available. I will say this again, the new software is great, much faster and this hook stuff is just unreal and so convenient, however the basics seem to be gone and some not all of the features that are gone that should be the #1 list for maintaining and keeping up with the standards IPB was created on. You folks just getting into the game you have no idea what the older software did, but I have been using it since the 2.0 series stuff and a lot has changed many things for the better and some for the worse.
March 11, 201311 yr was older board SMF? sounds like the Owners group it used, id 1 was owner and group only allowed one member. admin group could do everything except edit that group or change urls.
March 11, 201311 yr I am not arguing about who you should trust and who you should not trust, that is the key and #1 priority in my book, however you know as well as anyone Andy what I am saying about the old software is true and you did not have to group restrict everyone. My old software I had it where the default Administrator group was the king if you want to call it and called it Administrator Root no ne could touch or edit the one account in there which I left it that way encase somehow my account was hacked I could override the hacker and take back my account. Then I had another group called Administrator which could do everything except edit anyone listed in the Administrator Root group this was a group created and by default it could not touch the original administrator group, heck it could not even edit anyone in the Administrator Root group. Then the Admin group I created since I wanted that group to have permissions so they could ban, etc and yes had they had restrictions keeping them out of the skins, task manager, and logs, but this group could pretty much do anything. So let me get this right... You want it to be like your old software, where there are multiple admin groups, one of which has ultimate power, with the others have restrictions on them. Yet, the fact that you can do that (and more) with IPB3 isn't enough for you because.. Okay I'm failing to understand why.. It's like saying you used to be able to visit your site using one web browser but you don't like that you can do that and more with a new web browser. I'm confused. As for 'protecting' user ID 1, it's a moot point. To internally protect it would actually introduce problems. For example, what if someone sold off the community? The seller could then continue to sign into the community and even take it over. Not only that but what if #1 gets hacked and another admin needs to disable the account until the 'owner' can be contacted? Oops, can't do it because it's protected since it's #1. If you're that worried about someone destroying or compromising the account, then you either shouldn't trust that person or you should tighten the restrictions. Even if a 'owner admin' account were to be demoted or even deleted, you can contact IPS support for assistance with regaining your authority. Edit: Just for the record, being able to restrict the activities of admins in the ACP was introduced during the IPB2 series. It's much more enhanced and robust now. It's easy to have a 'root' admin group and have other groups to be restricted. Only difference is, all that control is placed in your hands instead of making the decisions for you.
Archived
This topic is now archived and is closed to further replies.