Permissions for 2nd Administrator v2.0

[kstj]

Hi
I am trying to figure out how to give someone all administrative permissions except being able to lock me out of the forum or change my password, etc. The options I see such as change others' profile, to me, would mean they can also change mine. I want them to have the ability to edit regular member profiles, assign passwaords manually, etc., just not mine.
In the traditional sense am the "owner" of the Forum site in that I did the installation and am the webmaster for the entire website that the Forum resides on.
(posted in error on 2.1 board but - as you know - I can't delete that post myself)

[Kindred]

you can not do it...

if you give someone admin rights, they have admin rights.
There is no lockout on specific actions for an admin

[kstj]

Thanks for the quick reply!
I installed via Softaculous. In cPanel I can see the list of installations which includes the SMF install. Selecting the SMF install it shows my original username and password. As a workaround, if I was to change it there would it make a change in the my application profile?

[kstj]

Actually, the Softaculous installation does provide a "reset admin password" function which appears as though this would be an excellent workaround to my issue. Should I ever be locked out by a "rogue" admin, I can reset the admin password and regain control.

[Kindred]

we have no idea what softaculous does...   we generally never recommend using such an autoinstaller because of that.

I am not sure what the reset admin password might do within SMF....   we didn't code an external service to do that - so we can't support it either.

[Aleksi "Lex" Kilpinen]

Actually, I have seen this done. Should be possible, but for the life of me I can't remember if it was a mod or just a very specific setup involving multiple "admin" -groups. Anyways, the membergroup 1 is a special group that has some additional security compared to other groups.

I'll get back to you later, I'll try to look in to this a bit.

[GigaWatt]

There was a mod that disabled the ability of other admins to revoke admin rights of a specific admin or delete the admin user all together, but I can't remember the name of the mod... and I think it was outdated, it was for 1.1.x and never ported to 2.0.

[Kindred]

it disabled the rights to remove someone from the 1 group...  but admins could still edit other admin's profiles, including passwords



Basically - its another case of trying to make a technical solution for a social problem.
Don't promote someone to admin if you do't trust them.

[Shambles]

There was a mod that disabled the ability of other admins to revoke admin rights of a specific admin or delete the admin user all together, but I can't remember the name of the mod...

Yeah that was the Super Admin mod - an RC release mod that could be massaged to work with current 2.0.* versions.

[Kindred]

2.0 RC1.....   would likely need a whole re-write