Disable ability to add user to admin user group, unless user himself has admin rights #11208
Comments
+1 |
+1, with an additional option to restrict it to SUDO (some of our customers are experienced MODX-ers themselves but we don't want them to create new Admins, that's restricted to SUDO users). |
👍 |
+1 |
👍 |
Or herself ;)
On Thu, Apr 17, 2014 at 2:11 AM, Jens Külzer notifications@github.com
|
... yes, that too ... |
I am currently looking into this and am curious how others would prefer to see this approached? For example:
|
I think
and
would be fine for me |
Thanks for that feedback, @exside. I guess another item worth discussing is the current ability to Deactivate and Block higher authority Manager Users. Currently, you can simply block / deactivate an Administrator (Super User) or |
Good catches Mike and @exside definitely should be able to do that either IMO. |
definitely a good catch! that should not be possible (lower permission deactivate higher)! |
+1 |
So... problem is solved? or forgotten? :))))) |
Problem is not solved. Milestone was removed because a solution has yet to be provided in time for that release. |
Disable ability to add a user to the admin user group, unless the user who is trying to do this has admin rights himself. (Or; restrict users to add new users with higher permissions than they have themselves)
Now, content-editors with permissions to add new users can also create admin users, or give themselves admin rights.
This is a huge security flaw in my view, because I have content-editors who would like to.. experiment. ;)
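
One way to express the rule requested in this issue, as an added example that is not MODX code or part of the original thread: a user may only grant authority he already holds, with the optional SUDO-only restriction and the block/deactivate check raised in the comments. The `Actor` class, the function names and the numeric rank scheme (lower number = more authority, 0 = admin group) are assumptions made for illustration; it needs PHP 8.1 or later.

```php
<?php
declare(strict_types=1);
// Illustrative model, not MODX's API. Assumption: every manager user has a
// numeric rank where a LOWER number means MORE authority (0 = admin group).
const ADMIN_RANK = 0;

final class Actor {
    public function __construct(
        public readonly string $name,
        public readonly int $rank,          // best (lowest) rank the user holds
        public readonly bool $sudo = false  // the SUDO flag mentioned in the thread
    ) {}
}

// May $actor give any user (himself included) a membership of rank $grantRank?
function canGrant(Actor $actor, int $grantRank, bool $adminNeedsSudo = false): bool
{
    if ($actor->sudo) {
        return true;
    }
    if ($adminNeedsSudo && $grantRank === ADMIN_RANK) {
        return false; // stricter option: only SUDO users create new admins
    }
    // Never hand out more authority than the actor already holds.
    return $grantRank >= $actor->rank;
}

// May $actor block or deactivate $target? Not if $target outranks $actor.
function canDeactivate(Actor $actor, Actor $target): bool
{
    return $actor->sudo || (!$target->sudo && $target->rank >= $actor->rank);
}

// Constructed sample users.
$editor = new Actor('editor', 5);
$admin  = new Actor('admin', ADMIN_RANK);
$root   = new Actor('root', ADMIN_RANK, true);

foreach ([
    'editor grants admin group'        => canGrant($editor, ADMIN_RANK),
    'editor grants editor group'       => canGrant($editor, 5),
    'admin grants admin group'         => canGrant($admin, ADMIN_RANK),
    'admin grants admin, sudo-only on' => canGrant($admin, ADMIN_RANK, true),
    'editor deactivates admin'         => canDeactivate($editor, $admin),
    'admin deactivates sudo user'      => canDeactivate($admin, $root),
] as $case => $allowed) {
    printf("%-34s %s\n", $case, $allowed ? 'ALLOW' : 'DENY');
}
```

A check like this has to run server-side in the code path that saves group memberships and user status; hiding the option in the manager UI alone does not enforce it.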