Community
Support » Post installation

Is it possible to hide content from super user (user with ID 1)?

Posted by sahil5684 on February 22, 2013 at 9:09am

I am really sorry to ask this question but this is something important as my customer is asking this for security purpose. He don't want some content to show to super user even if he has the access to it. Any help would be appreciable.

Login or register to post comments Categories:

Comments

The issue is for Drupal 7

Posted by sahil5684 on February 22, 2013 at 9:10am

FYI :)

As per the security Guide,

Posted by sivkannan77 on February 22, 2013 at 10:28am

As per the security Guide, Your site doesn't need #1 user, please disable that. instead create one user accoutn and assign the administer role. Configure the required permission for the administer role.

read this documentation page - http://drupal.org/node/947312

--
Kamalakannan S
Global SoftLab
I love programming and Drupal

Thanks!

Posted by sahil5684 on March 1, 2013 at 4:35am

Well this is really informative. I was afraid to loose access from few files like update.php and install.php after disabling super user. But this solves my issue so far. Thank you very much!

.

Posted by tryitonce on February 22, 2013 at 10:40am

... very good point.
There must be lots of organisations that may not want their clever web-design guys to see & know everything.
What to do?

  • First, sure you can set the permissions so user1 cannot see certain content. You just go to the permission table and uncheck which content user1 should not see.
    The problem of course is that user1 can always change this.
  • You could structure a website project like this - user1 is the developer during testing - s/he creates a role for an admin person for the time the project goes live with the limitations in place required.
    When the site is live the user1 credentials are passed to the top dog - the clients boss or IT director. Only s/he can allow access to the user1 position if & when required - in his/her presence. In a critical, high security requiring set-up this may be the only way.

But, this will only be effective if the same is done for Database & FTP access to the server and the entire system has to be secured in a similar way.
This is what I would do in a critical, protective situation. Luckily I know enough to take up user1 after development and would be able to tweak the permissions table as and when needed. But not all clients may have this resource in-house.
.....

-----------
Good luck .....
... more recent results of trying Drupal just once are -
www.native-power.de
Malls and More

Well as far as I know...

Posted by sahil5684 on March 1, 2013 at 5:05am

tryitonce, I don't think this would help as there are no way to set permissions for super user through administrative interface. I feel the reply above helps me to understand the issue in-depth thanks though!

.

Posted by tryitonce on March 20, 2013 at 9:14pm

well, sahil5684, of course you can set permissions for the superuser no. 1.
The only problem is he can override them. So, that's were the thinking comes in to give the keys to someone else if the admin people in an organisation cannot be trusted sufficiently or should not even be tempted.
Security aside - there are situations where the superuser might remove her/his access permissions. For ex. if a superuser is also a member and needs to make sure to post only as the "normal" member and not by accident as the superuser.

-----------
Good luck .....
... more recent results of trying Drupal just once are -
www.native-power.de
Malls and More