Advertisement:

Author Topic: "Administrate forum and database" permission split up  (Read 29263 times)

Offline devil9394

  • Semi-Newbie
  • *
  • Posts: 25
"Administrate forum and database" permission split up
« on: April 10, 2012, 01:29:44 PM »
I wanted to suggest something related to the Permissions.

"Administrate forum and database" permission should be split up in some other options, since there are some important things that could be added to some ranks, without giving the access of the most important and secret things of the forum (Package Manager, to all the Configuration Permissions)

- Censored List (from Posts and Topics): This list could be edited by other ranks, without having access to the Package Manager, to all the Configuration Permissions, etc.

And I don't know, if you think some more things from there could be split up, it'd be very good.

Offline NanoSector

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 10,500
  • Gender: Male
  • VC321xb47@aperture:~#
    • Yoshi2889 on GitHub
Re: "Administrate forum and database" permission split up
« Reply #1 on: April 10, 2012, 02:56:23 PM »
Yeah, I have to agree.

By checking that box you are giving the membergroup too many permissions.
I think it should be split up in MANY other sub-permissions. Too many to list right now, really.
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

Offline devil9394

  • Semi-Newbie
  • *
  • Posts: 25
Re: "Administrate forum and database" permission split up
« Reply #2 on: April 10, 2012, 04:19:32 PM »
Yeah, I have to agree.

By checking that box you are giving the membergroup too many permissions.
I think it should be split up in MANY other sub-permissions. Too many to list right now, really.
Exactly what I meant.
Thank you for your opinion. ;)

Offline emanuele

  • SMF Super Hero
  • *******
  • Posts: 14,156
  • Gender: Male
  • THERE'S JUST ME
Re: "Administrate forum and database" permission split up
« Reply #3 on: April 12, 2012, 07:42:19 AM »
Too many to list right now, really.
But without a list we cannot know what you have in mind... ;D


Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Offline NanoSector

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 10,500
  • Gender: Male
  • VC321xb47@aperture:~#
    • Yoshi2889 on GitHub
Re: "Administrate forum and database" permission split up
« Reply #4 on: April 12, 2012, 07:51:18 AM »
Too many to list right now, really.
But without a list we cannot know what you have in mind... ;D
1. Install packages.
2. Install languages.
3. Modify server settings.
4. Enable/disable core features.
5. Open the Error Log.
6. Open the Administration log.
7. Open the Moderation log.
8. Run maintenance tasks.

And I can go on for like 100 more entries right now.
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

Offline emanuele

  • SMF Super Hero
  • *******
  • Posts: 14,156
  • Gender: Male
  • THERE'S JUST ME
Re: "Administrate forum and database" permission split up
« Reply #5 on: April 12, 2012, 07:55:14 AM »
So basically you would like a single permission for every single menu entry?


Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Offline NanoSector

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 10,500
  • Gender: Male
  • VC321xb47@aperture:~#
    • Yoshi2889 on GitHub
Re: "Administrate forum and database" permission split up
« Reply #6 on: April 12, 2012, 07:59:54 AM »
So basically you would like a single permission for every single menu entry?
No, for anything an admin can do. Not for every menu entry.

Just allow people to tune the permissions in precision instead of a sluggy master permission.
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

Offline emanuele

  • SMF Super Hero
  • *******
  • Posts: 14,156
  • Gender: Male
  • THERE'S JUST ME
Re: "Administrate forum and database" permission split up
« Reply #7 on: April 12, 2012, 08:40:04 AM »
Disclaimer: I'm not trying to say the proposal is not valid, I'm discussing how it could be useful. ;)

Okay, then I can start with the short list you posted:
1. Install packages.
2. Install languages.
3. Modify server settings.
If you allow someone to install a package he should be allowed to install a lang-pack and vice versa. In my opinion.
But to install packages then you may need to be able to modify server settings, or maybe you just need to know then (i.e. ftp password).
So I don't see any reason to separate them.

4. Enable/disable core features.
So you would give a person the ability to enable or disable core features just "for the fun of it"?
A core feature is something important that should be part of the forum or not based on the goal of the forum, not just something that (warning: exaggeration) a moderator should be able to turn off.
I think.
Additionally have the permission to install packages without the permission of enable core features is rather useless...

5. Open the Error Log.
In certain cases maybe this could help. Not sure how and why but it could I think.
Even though most likely any non-admin wouldn't be able to do anything in case of errors

6. Open the Administration log.
That's called "administration" because only admin should be able to see it.

7. Open the Moderation log.
?action=moderate;area=modlog
It's already a separated permission, you only find it in another location.

8. Run maintenance tasks.
Within the maintenance tasks thre is also the "database" set of tasks, giving someone the permission to access this gives him the permission to 1) convert the forum to utf8 (not exactly something that should be allowed to non-admins), 2) backup the database (i.e. gives the permission to collect all the email addresses and all the PMs of any member of the forum, again something a non-admin should not be able to do)
That said, I can agree that give separate permission to perform routine, members and topics maintenance tasks to another person without giving him any other permission could be useful.

So, from your list I'd save the permission to view error logs (should the list take care of hide IPs and/or personal informations?) and to run "basic" maintenance tasks.
Additionally I would add:
* a permission to manage current theme/layout (but that would be tricky because the non-admin member should not be able to change directories and urls IMHO);
* censored words could be linked to security and moderation and given a separated permission;
* calendar administration?...maybe...even though there isn't much to do.

That's what I can think about. All the other pages seem to me pretty much related or too "important" for a stand-alone permission...


Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Offline NanoSector

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 10,500
  • Gender: Male
  • VC321xb47@aperture:~#
    • Yoshi2889 on GitHub
Re: "Administrate forum and database" permission split up
« Reply #8 on: April 12, 2012, 09:10:53 AM »
I just chopped these right out of my head though.

Disclaimer: I'm not trying to say the proposal is not valid, I'm discussing how it could be useful. ;)

Okay, then I can start with the short list you posted:
1. Install packages.
2. Install languages.
3. Modify server settings.
If you allow someone to install a package he should be allowed to install a lang-pack and vice versa. In my opinion.
But to install packages then you may need to be able to modify server settings, or maybe you just need to know then (i.e. ftp password).
So I don't see any reason to separate them.
I think Server Settings should be separated anyway. Granting someone the permission to install packages doesn't mean they should be able to mess around with the server. They can ask the admin anyway if something fails to work.

Quote
4. Enable/disable core features.
So you would give a person the ability to enable or disable core features just "for the fun of it"?
A core feature is something important that should be part of the forum or not based on the goal of the forum, not just something that (warning: exaggeration) a moderator should be able to turn off.
I think.
Additionally have the permission to install packages without the permission of enable core features is rather useless...
Yes, though some sites have things as co-admins or even a separate group for site maintainer which should be granted permission to check that stuff.

Quote
5. Open the Error Log.
In certain cases maybe this could help. Not sure how and why but it could I think.
Even though most likely any non-admin wouldn't be able to do anything in case of errors
I think it'll help with checking the status of the site; not only admins should be allowed to do so.

Quote
6. Open the Administration log.
That's called "administration" because only admin should be able to see it.
Again coming with the point of co-admin and site maintainer.

Quote
7. Open the Moderation log.
?action=moderate;area=modlog
It's already a separated permission, you only find it in another location.
Meh, my bad ;D

Quote
8. Run maintenance tasks.
Within the maintenance tasks thre is also the "database" set of tasks, giving someone the permission to access this gives him the permission to 1) convert the forum to utf8 (not exactly something that should be allowed to non-admins), 2) backup the database (i.e. gives the permission to collect all the email addresses and all the PMs of any member of the forum, again something a non-admin should not be able to do)
That said, I can agree that give separate permission to perform routine, members and topics maintenance tasks to another person without giving him any other permission could be useful.
Yes, that's what I'm thinking. Maybe even create a sub-permission like "Manage the database" or something that allows you to do the database routine.

Quote
So, from your list I'd save the permission to view error logs (should the list take care of hide IPs and/or personal informations?) and to run "basic" maintenance tasks.
Additionally I would add:
* a permission to manage current theme/layout (but that would be tricky because the non-admin member should not be able to change directories and urls IMHO);
* censored words could be linked to security and moderation and given a separated permission;
* calendar administration?...maybe...even though there isn't much to do.

That's what I can think about. All the other pages seem to me pretty much related or too "important" for a stand-alone permission...
Guess I'll agree with that, though the first point doesn't need to be difficult; just do not allow access to the paths stuff.
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

Offline Norv

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 18,313
  • Blue Wolf
Re: "Administrate forum and database" permission split up
« Reply #9 on: April 12, 2012, 10:01:08 AM »
Fully agree with Emanuele.

I don't really see the usefulness of error logs without IPs and in fact I can think of more; nor am I sure about (immediate, i.e. 2.1) need for calendar admin.

I'd add a couple of things here.
So basically you would like a single permission for every single menu entry?
No, for anything an admin can do. Not for every menu entry.

Just allow people to tune the permissions in precision instead of a sluggy master permission.

One "sluggy" master permission is there basically because just about any admin action like those either requires or implies others. They give one (or require one to have, to do the job right), *admin* permissions over the forum.

Quote
Quote
1. Install packages.
2. Install languages.
3. Modify server settings.
If you allow someone to install a package he should be allowed to install a lang-pack and vice versa. In my opinion.
But to install packages then you may need to be able to modify server settings, or maybe you just need to know then (i.e. ftp password).
So I don't see any reason to separate them.
I think Server Settings should be separated anyway. Granting someone the permission to install packages doesn't mean they should be able to mess around with the server. They can ask the admin anyway if something fails to work.

One of the problems here is, "something fails to work" in package installation may put the site offline. Until they can ask the admin.
Also, they can find out the server settings anyway, since they are able to install a package which does/reads anything on forum database/files. In other words, granting someone permission to install packages means they are perfectly able to mess around with the entire forum.


I don't know what means the concept of co-admin, if it's not an admin of at least "forum and database".
To-do lists are for deferral. The more things you write down the later they're done… until you have 100s of lists of things you don't do.
File a security report | Developers' Blog | Bug Tracker

Also known as Norv on D* | Norv N. on G+ | Norv on Github

Offline NanoSector

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 10,500
  • Gender: Male
  • VC321xb47@aperture:~#
    • Yoshi2889 on GitHub
Re: "Administrate forum and database" permission split up
« Reply #10 on: April 12, 2012, 10:06:10 AM »
Too lazy to quote right now, so:

1. The master permission can be separated well enough. A lot of actions do not need others to work.

2. You have a point there, though if you are admin of a site, you should at least have the main admin's e-mail. At least that's what I think.

3. My concept of co-admin is a separate membergroup that basically is just admin, like, not able to do EVERYTHING an admin is able to do.
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

Offline IchBin™

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,116
  • Gender: Male
  • I don't speak German.
Re: "Administrate forum and database" permission split up
« Reply #11 on: April 12, 2012, 02:37:03 PM »
I don't think any user should be able to touch the package manager without being Admin.
IchBin™        TinyPortal

Offline Norv

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 18,313
  • Blue Wolf
Re: "Administrate forum and database" permission split up
« Reply #12 on: April 12, 2012, 02:46:30 PM »
Yoshi One, a little reminder: point 2/ has two sub-points. The second is exactly that they are able to do everything an admin is able to do, if only they install the right mod, or use the database, etc etc.

Ema may want to analyze the very particular cases where something may be done, but basically I think things should be this way: in the permissions redesign (which will happen for 3.0 or up), there's quite some mess in permissions to rethink. If you wish, it might be interesting to take others for a discussion.
However, something like the critical administration tasks, meaning these ones (basically), must remain together. With them, you made someone an admin anyway. (and it's not even relevant if they have other permissions, they could take them: they administrate.). That's an admin/co-admin: they are administrating forum/database.

It would be dangerous to split them in such way that people may think their "co-admin" has a permission like 'install packages/language files' and not 'server settings access'. Because it's basically false, and basically a false sense of security, on a critical bit: those 'co-admins' can access server settings. And just about everything else on the forum.
To-do lists are for deferral. The more things you write down the later they're done… until you have 100s of lists of things you don't do.
File a security report | Developers' Blog | Bug Tracker

Also known as Norv on D* | Norv N. on G+ | Norv on Github

Offline emanuele

  • SMF Super Hero
  • *******
  • Posts: 14,156
  • Gender: Male
  • THERE'S JUST ME
Re: "Administrate forum and database" permission split up
« Reply #13 on: April 12, 2012, 03:36:15 PM »
However, something like the critical administration tasks, meaning these ones (basically), must remain together. With them, you made someone an admin anyway. (and it's not even relevant if they have other permissions, they could take them: they administrate.). That's an admin/co-admin: they are administrating forum/database.

It would be dangerous to split them in such way that people may think their "co-admin" has a permission like 'install packages/language files' and not 'server settings access'. Because it's basically false, and basically a false sense of security, on a critical bit: those 'co-admins' can access server settings. And just about everything else on the forum.
While writing my previous post I was even considering to go a step further and propose to completely remove those "admin-only" permissions and reserve them for the admin group only.
Maybe too much...


Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Offline NanoSector

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 10,500
  • Gender: Male
  • VC321xb47@aperture:~#
    • Yoshi2889 on GitHub
Re: "Administrate forum and database" permission split up
« Reply #14 on: April 12, 2012, 03:51:31 PM »
While I must agree, I still think the current permission is too much in one package. It should definitely be split up in way more permissions. How and what you are going to split really doesn't matter much to me, but really, lots of stuff can be split from it.
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

Offline Norv

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 18,313
  • Blue Wolf
Re: "Administrate forum and database" permission split up
« Reply #15 on: April 12, 2012, 03:59:21 PM »
However, something like the critical administration tasks, meaning these ones (basically), must remain together. With them, you made someone an admin anyway. (and it's not even relevant if they have other permissions, they could take them: they administrate.). That's an admin/co-admin: they are administrating forum/database.

It would be dangerous to split them in such way that people may think their "co-admin" has a permission like 'install packages/language files' and not 'server settings access'. Because it's basically false, and basically a false sense of security, on a critical bit: those 'co-admins' can access server settings. And just about everything else on the forum.
While writing my previous post I was even considering to go a step further and propose to completely remove those "admin-only" permissions and reserve them for the admin group only.
Maybe too much...

Yep. Crossed my mind. :D
To-do lists are for deferral. The more things you write down the later they're done… until you have 100s of lists of things you don't do.
File a security report | Developers' Blog | Bug Tracker

Also known as Norv on D* | Norv N. on G+ | Norv on Github

Offline devil9394

  • Semi-Newbie
  • *
  • Posts: 25
Re: "Administrate forum and database" permission split up
« Reply #16 on: April 17, 2012, 02:14:09 PM »
I'd like to thank you all for your comments and ideas regarding this topic.

While I must agree, I still think the current permission is too much in one package. It should definitely be split up in way more permissions. How and what you are going to split really doesn't matter much to me, but really, lots of stuff can be split from it.
This is exactly what I meant, there are too many things integrated in only one permission, some of them being useful things that could be given to who knows what rank, without giving the access of the most important and secret things of the forum.
And if this split up would make problems to some amateur SMF users, then it could be added on a separate page, than the trivial Permissions page, so the amateur users won't give a too important permission to who knows what rank, if you understand what I mean.

Offline Norv

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 18,313
  • Blue Wolf
Re: "Administrate forum and database" permission split up
« Reply #17 on: April 17, 2012, 02:19:09 PM »
Other examples than 'administrate forum and database' would be useful, devil9394, if you can propose some and their usefulness.
To-do lists are for deferral. The more things you write down the later they're done… until you have 100s of lists of things you don't do.
File a security report | Developers' Blog | Bug Tracker

Also known as Norv on D* | Norv N. on G+ | Norv on Github

Offline devil9394

  • Semi-Newbie
  • *
  • Posts: 25
Re: "Administrate forum and database" permission split up
« Reply #18 on: April 19, 2012, 11:01:10 AM »
Manage Censored Words List (Posts and Topics -> Censored Words): This function could be added to some low ranks, without having to give them all the other things from "Administrate forum and database".

I'd suggest some other things that could be split up, but these things are more for those that I could, and would like to, add to some lower ranks without giving access to server settings, therefore there is no need for me to suggest them, as they wouldn't fit in all the cases.

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,073
  • 戦場ヶ原、蕩れ!
    • srvrguy on GitHub
    • @motokochan on Twitter
    • Nekomusume Moe
Re: "Administrate forum and database" permission split up
« Reply #19 on: April 20, 2012, 12:47:15 AM »
Manage Censored Words List (Posts and Topics -> Censored Words): This function could be added to some low ranks, without having to give them all the other things from "Administrate forum and database".

It's a good idea, but the only problem is that the replacement for the censored word can be any kind of thing at all, even JavaScript and arbitrary HTML. The feature would have to be re-written to not allow anything beyond basic bbcode to make it safe for granting to non-admins. Personally, I think it has merit.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Offline devil9394

  • Semi-Newbie
  • *
  • Posts: 25
Re: "Administrate forum and database" permission split up
« Reply #20 on: April 21, 2012, 06:22:30 AM »
It's a good idea, but the only problem is that the replacement for the censored word can be any kind of thing at all, even JavaScript and arbitrary HTML. The feature would have to be re-written to not allow anything beyond basic bbcode to make it safe for granting to non-admins. Personally, I think it has merit.
Excuse me, but I did not understand pretty well what you meant. Are you saying that there has to be a replacement for the Censored Word option from posts and topics, so it could be added to lower ranks too?

Offline emanuele

  • SMF Super Hero
  • *******
  • Posts: 14,156
  • Gender: Male
  • THERE'S JUST ME
Re: "Administrate forum and database" permission split up
« Reply #21 on: April 21, 2012, 12:03:28 PM »
I think the meaning is that to allow "lower ranks" to enter replacement for censored words, at least on saving they have to be passed through parse_bbc or preparsecode (don't remember which one is the important one...) because at the moment you can put any thing you want as replacement, even crappy html.


Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,073
  • 戦場ヶ原、蕩れ!
    • srvrguy on GitHub
    • @motokochan on Twitter
    • Nekomusume Moe
Re: "Administrate forum and database" permission split up
« Reply #22 on: April 21, 2012, 01:13:26 PM »
because at the moment you can put any thing you want as replacement, even crappy html.

Yeah, basically. Anyone with access to edit the censored words list can use any code they want and it's accepted. This is a security issue if you allow lower-trust users access to the feature.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Offline devil9394

  • Semi-Newbie
  • *
  • Posts: 25
Re: "Administrate forum and database" permission split up
« Reply #23 on: April 21, 2012, 03:11:04 PM »
because at the moment you can put any thing you want as replacement, even crappy html.

Yeah, basically. Anyone with access to edit the censored words list can use any code they want and it's accepted. This is a security issue if you allow lower-trust users access to the feature.
What if it will be made so the words that are added there will be automatically changed with a number of * equal to the number of the characters from the censored word?

Anyway, if this could be added as a permission to which rank you want, then it could be easily removed from the ranks that abuse it in that way, as it's very easy to edit the censored words list, and to take care of an abuse of it.

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,073
  • 戦場ヶ原、蕩れ!
    • srvrguy on GitHub
    • @motokochan on Twitter
    • Nekomusume Moe
Re: "Administrate forum and database" permission split up
« Reply #24 on: April 21, 2012, 03:27:44 PM »
What if it will be made so the words that are added there will be automatically changed with a number of * equal to the number of the characters from the censored word?

It's an option, but then you can't do word-replacement gags or substitutions (like changing "Voldemort" into "he-who-must-not-be-named"). It'd probably be better to just only allow bbcode for formatting and to strip or ignore raw HTML.


Anyway, if this could be added as a permission to which rank you want, then it could be easily removed from the ranks that abuse it in that way, as it's very easy to edit the censored words list, and to take care of an abuse of it.

It's not just abuse by people who have legitimate access, but if their accounts are compromised. I understand that someone who has admin-level access might also have this problem, but usually people that would have enough trust for that level of access would normally be more careful about that kind of thing.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Offline emanuele

  • SMF Super Hero
  • *******
  • Posts: 14,156
  • Gender: Male
  • THERE'S JUST ME
Re: "Administrate forum and database" permission split up
« Reply #25 on: April 22, 2012, 05:59:56 AM »
Wellllll.....there could be two things: a "proper" censoring where words are replaced by asterisks and a string-replacement.
The first a mere list of words that can be added by "moderators", the second an admin thing.

* emanuele said nothing!


Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Offline devil9394

  • Semi-Newbie
  • *
  • Posts: 25
Re: "Administrate forum and database" permission split up
« Reply #26 on: April 26, 2012, 09:05:24 AM »
Wellllll.....there could be two things: a "proper" censoring where words are replaced by asterisks and a string-replacement.
The first a mere list of words that can be added by "moderators", the second an admin thing.

* emanuele said nothing!
So you are suggesting to let the current censored list there, and just add a new one with that function for lower staff member ranks? If so, then I agree with that too.

Offline Hathor

  • Semi-Newbie
  • *
  • Posts: 34
Re: "Administrate forum and database" permission split up
« Reply #27 on: April 08, 2015, 04:10:27 AM »
I wanted to suggest something related to the Permissions.

"Administrate forum and database" permission should be split up in some other options, since there are some important things that could be added to some ranks, without giving the access of the most important and secret things of the forum (Package Manager, to all the Configuration Permissions)

- Censored List (from Posts and Topics): This list could be edited by other ranks, without having access to the Package Manager, to all the Configuration Permissions, etc.

And I don't know, if you think some more things from there could be split up, it'd be very good.

Ancient thread, but i'll bite. I renamed Administrator group to Webmaster and created a new administrator group. The new admin group had access to everything they needed for administrating the forum, minus database access.