SMF Development > Feature Requests

"Administrate forum and database" permission split up

<< < (3/6) > >>

NanoSector:
Too lazy to quote right now, so:

1. The master permission can be separated well enough. A lot of actions do not need others to work.

2. You have a point there, though if you are admin of a site, you should at least have the main admin's e-mail. At least that's what I think.

3. My concept of co-admin is a separate membergroup that basically is just admin, like, not able to do EVERYTHING an admin is able to do.

IchBin™:
I don't think any user should be able to touch the package manager without being Admin.

Norv:
Yoshi One, a little reminder: point 2/ has two sub-points. The second is exactly that they are able to do everything an admin is able to do, if only they install the right mod, or use the database, etc etc.

Ema may want to analyze the very particular cases where something may be done, but basically I think things should be this way: in the permissions redesign (which will happen for 3.0 or up), there's quite some mess in permissions to rethink. If you wish, it might be interesting to take others for a discussion.
However, something like the critical administration tasks, meaning these ones (basically), must remain together. With them, you made someone an admin anyway. (and it's not even relevant if they have other permissions, they could take them: they administrate.). That's an admin/co-admin: they are administrating forum/database.

It would be dangerous to split them in such way that people may think their "co-admin" has a permission like 'install packages/language files' and not 'server settings access'. Because it's basically false, and basically a false sense of security, on a critical bit: those 'co-admins' can access server settings. And just about everything else on the forum.

emanuele:

--- Quote from: N. N. on April 12, 2012, 02:46:30 PM ---However, something like the critical administration tasks, meaning these ones (basically), must remain together. With them, you made someone an admin anyway. (and it's not even relevant if they have other permissions, they could take them: they administrate.). That's an admin/co-admin: they are administrating forum/database.

It would be dangerous to split them in such way that people may think their "co-admin" has a permission like 'install packages/language files' and not 'server settings access'. Because it's basically false, and basically a false sense of security, on a critical bit: those 'co-admins' can access server settings. And just about everything else on the forum.

--- End quote ---
While writing my previous post I was even considering to go a step further and propose to completely remove those "admin-only" permissions and reserve them for the admin group only.
Maybe too much...

NanoSector:
While I must agree, I still think the current permission is too much in one package. It should definitely be split up in way more permissions. How and what you are going to split really doesn't matter much to me, but really, lots of stuff can be split from it.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version