Is it possible to get the Administrator permission "Manage users and moderators" split to two separate permissions? I'd like to have admins that can manage approving and editing users without being able to adjust moderators and their permissions. Right now it seems to be they get all or nothing.
Has anyone come up with a way to grant an admin permission to manage users and not moderators? This does seem like something useful. Thanks in advance for any update on custom code or an add-on which might make this possible. Basically we want someone who can mange users; but not moderators.
For moderators to moderate new registrations, they need to be made admins with the permission Manage users and moderators. If they have this then they can make anyone moderator and administrator or remove such usergroups and status.
This seems a vulnerability to me. If a moderator goes rogue or account gets hacked, then this vulnerability can be exploited to make other accounts admin & moderator. Which can then be abused to merge all threads into one which destroys the site. As one example of how it could be exploited.
Moderator functionality should be separated from admin functionality for security reasons.
As is we cannot use best practices as we have always done on vbulletin.