By Crazy45 on

[HOW TO] add an administrator - Dumb question

Categories: Drupal 4.7.x

Comments

vm’s picture

vm commented

create a new role called "administrator"
add all permissions to this role
add users to the role
_____________________________________________________________________
My posts & comments are usually dripping with sarcasm.
If you ask nicely I'll give you a towel : )

jfxberns’s picture

jfxberns commented

This works--for the way the site is right now. But once you start adding new permissions (say you add a new module) then you have to go back and manually give the Administrator role you created the new permissions.

Is there something out there that can make sure that an Administrator role always has all permissions?

There are Anonymous and Authenticated users by default, why doesn't Drupal have an Administrator role by default? Giving multiple people the Administrator password is a recipe for disaster. Having to manually update the permissions for an Administrator role means that somewhere, sometime a person that needs the permission will not have it (manual systems are fallible).

It seems to be a loophole in an otherwise well-thought-out access control system.

John Berns
Travel Guide
Travel Photographer

dman’s picture

dman commented

How many 'root' users do you have on your host?

There is one super-admin, and other normal admins who have the ability to grant themselves privileges.

You have a point, and it looks easy to support this sort of propogation of super-powers. I thought about it also. But it's really easy to work around.

You'll find that if you grant your administrators the ability to manage permissions, they can do anything they need to, although it does take 2 extra steps.

.dan.
How to troubleshoot Drupal | http://www.coders.co.nz/

.dan. is the New Zealand Drupal Developer working on Government Web Standards