Add User with Higher Permissions Level
Permalink
I went through the Advanced Permission and set up everything so my client can only access what they need to access. I put them in a group called "Super Users"
I gave him the ability to add new users in case he wants a staff member to be able to access the site too. However, he is able to add a new user to the Administrators group...which would grant them access to everything.
Did I miss something or is this a loophole in the permissions structure? A user should not be able to add a new user with higher permissions than themselves...
I gave him the ability to add new users in case he wants a staff member to be able to access the site too. However, he is able to add a new user to the Administrators group...which would grant them access to everything.
Did I miss something or is this a loophole in the permissions structure? A user should not be able to add a new user with higher permissions than themselves...
To fix this problem, there would need to be a permission structure associated with the Groups themselves.