• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Separate Administrator Manage Users and Moderators Permission

#1
Is it possible to get the Administrator permission "Manage users and moderators" split to two separate permissions? I'd like to have admins that can manage approving and editing users without being able to adjust moderators and their permissions. Right now it seems to be they get all or nothing.
 

dieketzer

Well-known member
#2
'all or nothing' seems to be an issue in many areas of xf.
id love to see this suggestion come to pass.

(and a banned usergroup as well)
 
#6
Has anyone come up with a way to grant an admin permission to manage users and not moderators? This does seem like something useful. Thanks in advance for any update on custom code or an add-on which might make this possible. Basically we want someone who can mange users; but not moderators.
 

Zynektic

Well-known member
#7
Hmm, bumping this again - I just added a Super Moderator to the ACP with this to manage users and do not want them to be able to alter Moderators.
 

Alfa1

Well-known member
#8
Hmm, bumping this again - I just added a Super Moderator to the ACP with this to manage users and do not want them to be able to alter Moderators.
For moderators to moderate new registrations, they need to be made admins with the permission Manage users and moderators. If they have this then they can make anyone moderator and administrator or remove such usergroups and status.
This seems a vulnerability to me. If a moderator goes rogue or account gets hacked, then this vulnerability can be exploited to make other accounts admin & moderator. Which can then be abused to merge all threads into one which destroys the site. As one example of how it could be exploited.

Moderator functionality should be separated from admin functionality for security reasons.
As is we cannot use best practices as we have always done on vbulletin.
 

Floyd R Turbo

Well-known member
#9
Thanks for the bump. This does indeed appear to be a concern...one that I haven't really encountered though, because I don't really allow many people to have moderator rights