1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Separate Administrator Manage Users and Moderators Permission

Discussion in 'XenForo Suggestions' started by bluepaw, Nov 20, 2014.

  1. bluepaw

    bluepaw Member

    Is it possible to get the Administrator permission "Manage users and moderators" split to two separate permissions? I'd like to have admins that can manage approving and editing users without being able to adjust moderators and their permissions. Right now it seems to be they get all or nothing.
    Alfa1, Zachy, Andrej and 4 others like this.
  2. dieketzer

    dieketzer Well-Known Member

    'all or nothing' seems to be an issue in many areas of xf.
    id love to see this suggestion come to pass.

    (and a banned usergroup as well)
    Xon likes this.
  3. Amaury

    Amaury Well-Known Member

    There's no need for a user group for banned members except for styling reasons, which you can just create yourself if needed.
  4. dieketzer

    dieketzer Well-Known Member

    you are wrong, but this isnt the thread to date that in i suppose.
  5. Martok

    Martok Well-Known Member

    @Maru is correct but as you say, this should be discussed elsewhere.
  6. Reid2

    Reid2 Member

    Has anyone come up with a way to grant an admin permission to manage users and not moderators? This does seem like something useful. Thanks in advance for any update on custom code or an add-on which might make this possible. Basically we want someone who can mange users; but not moderators.
  7. Zynektic

    Zynektic Well-Known Member

    Hmm, bumping this again - I just added a Super Moderator to the ACP with this to manage users and do not want them to be able to alter Moderators.
  8. Alfa1

    Alfa1 Well-Known Member

    For moderators to moderate new registrations, they need to be made admins with the permission Manage users and moderators. If they have this then they can make anyone moderator and administrator or remove such usergroups and status.
    This seems a vulnerability to me. If a moderator goes rogue or account gets hacked, then this vulnerability can be exploited to make other accounts admin & moderator. Which can then be abused to merge all threads into one which destroys the site. As one example of how it could be exploited.

    Moderator functionality should be separated from admin functionality for security reasons.
    As is we cannot use best practices as we have always done on vbulletin.

Share This Page