Prevent user from adding themselves to administrator group
Permalink 2 users found helpful
I've created a scaled down admin group called "editors" that hides some features that a client doesn't need to see. The problem is, the client needs access to add/edit/delete users and groups and with that ability, keeps adding themselves to the Administrator group. Is there any way to prevent this?
Thanks for the info mose. If you do put something together let me know - could definitely come in handy down the road. I would prefer the peace of mind knowing that a client isn't messing around with page defaults and sitewide settings if I've hidden those features from them in the dashboard, but with limited php smarts I'll have to trust them for now!
Hi Mose... this is a good description of this functionality... it's been 12 months since this thread started.... does anyone have additional info on this topic? Is there a way to have more discretion with group access?
Wow, I'm glad I figured out how to search this specifically enough to find the answer.
So... Admin Group is not really dangerous? I was worried about the client adding a user and then adding it to the Admin Group and then destroying the site.
So... Admin Group is not really dangerous? I was worried about the client adding a user and then adding it to the Admin Group and then destroying the site.
I've created a package (based on 5.4.2) that disables users that are not either a super user or an existing administrator from adding users to the administrators group. Please note I built this for 5.4.2.X, it'll probably work for prior versions but probably not on 5.5.X.
Might you be thinking of updating this for 5.5?
What you are really asking, then, is if there is a way to prevent a user from adding themselves to group X, where X is any group, and the answer is, "No". If the user has access to User and Groups, then they can add any user to any group, including Administrators.
In order to change this behavior, you would have to alter the code. You could put a check in the section that lists groups. If the user is not in the Administrators group, it doesn't list the Administrators group. You could even get fancy and only allow a user to add people to the groups to which the user belongs. So, they would be a "group admin". That sounds like that might have some potential. I just might have to look into that. :-)