"SuperUser" - howto?

Next topic

Author	Message
Torbjørn Laukvik	Wednesday 27 April 2005 7:47:00 am Ok, I am sure this has been asked before, so I am very sorry for bothering all of you again.... I want to make a user that has almost exactly the same rights as editor user, EXCEPT that he can create other users within the editor user group. (The editor user can create/delete content at will from inside the admin part) Do you understand? he should under noooo circumstances be allowed to create admin users or modify the anon users. I am using 3.5.1 and switching to 3.5.2 soon. (in case there is some groundbreaking differences in 3.5.2) Thanks
Bård Farstad	Wednesday 27 April 2005 7:49:59 am Torbjørn, this can easily be achieved by setting permissions on editing. You can limit editing/creating of users to a specific subtree. E.g. /user/editor users/. That way users who have rights like this can add and edit other users in that specific place, but nowhere else. Hope this answered your question. --bård Documentation: http://ez.no/doc
Torbjørn Laukvik	Wednesday 27 April 2005 8:05:25 am It sounds easy, but I'm not quite sure how to attack this. Have created a new role "superuser" the problem I'm facing right now is that if I try to add a new user policy for the "superuser" role, it's given no limitation all the time. Is this right? doesn't this mean that if I give someone user access, they can all create admins? I have of course added a user group with some users in it. Am I attacking this from the wrong angle?

Author

Message

Wednesday 27 April 2005 7:47:00 am

Ok, I am sure this has been asked before, so I am very sorry for bothering all of you again....

I want to make a user that has almost exactly the same rights as editor user, EXCEPT that he can create other users within the editor user group.
(The editor user can create/delete content at will from inside the admin part)

Do you understand? he should under noooo circumstances be allowed to create admin users or modify the anon users.

I am using 3.5.1 and switching to 3.5.2 soon. (in case there is some groundbreaking differences in 3.5.2)

Thanks

Bård Farstad

Wednesday 27 April 2005 7:49:59 am

Torbjørn,

this can easily be achieved by setting permissions on editing. You can limit editing/creating of users to a specific subtree. E.g. /user/editor users/. That way users who have rights like this can add and edit other users in that specific place, but nowhere else.

Hope this answered your question.

--bård

Documentation: http://ez.no/doc

Torbjørn Laukvik

Wednesday 27 April 2005 8:05:25 am

It sounds easy, but I'm not quite sure how to attack this.

Have created a new role "superuser"
the problem I'm facing right now is that if I try to add a new user policy for the "superuser" role, it's given no limitation all the time. Is this right? doesn't this mean that if I give someone user access, they can all create admins?

I have of course added a user group with some users in it.

Am I attacking this from the wrong angle?