Separate Administrator Manage Users and Moderators Permission

[bluepaw]

Is it possible to get the Administrator permission "Manage users and moderators" split to two separate permissions? I'd like to have admins that can manage approving and editing users without being able to adjust moderators and their permissions. Right now it seems to be they get all or nothing.

 

[dieketzer]

'all or nothing' seems to be an issue in many areas of xf.
id love to see this suggestion come to pass.

(and a banned usergroup as well)

 

[Amaury]

(and a banned usergroup as well)

There's no need for a user group for banned members except for styling reasons, which you can just create yourself if needed.

 

[dieketzer]

There's no need for a user group for banned members except for styling reasons, which you can just create yourself if needed.

you are wrong, but this isnt the thread to date that in i suppose.

 

[Martok]

you are wrong, but this isnt the thread to date that in i suppose.

@Maru is correct but as you say, this should be discussed elsewhere.

 

[Reid2]

Has anyone come up with a way to grant an admin permission to manage users and not moderators? This does seem like something useful. Thanks in advance for any update on custom code or an add-on which might make this possible. Basically we want someone who can mange users; but not moderators.

 

[Zynektic]

Hmm, bumping this again - I just added a Super Moderator to the ACP with this to manage users and do not want them to be able to alter Moderators.

 

[Alpha1]

Hmm, bumping this again - I just added a Super Moderator to the ACP with this to manage users and do not want them to be able to alter Moderators.

For moderators to moderate new registrations, they need to be made admins with the permission Manage users and moderators. If they have this then they can make anyone moderator and administrator or remove such usergroups and status.
This seems a vulnerability to me. If a moderator goes rogue or account gets hacked, then this vulnerability can be exploited to make other accounts admin & moderator. Which can then be abused to merge all threads into one which destroys the site. As one example of how it could be exploited.

Moderator functionality should be separated from admin functionality for security reasons.
As is we cannot use best practices as we have always done on vbulletin.

 

[Floyd R Turbo]

Thanks for the bump. This does indeed appear to be a concern...one that I haven't really encountered though, because I don't really allow many people to have moderator rights