Protect user 1

the documentation on this module is pretty good, i think. read the help section, check your settings.

Automatically closed -- issue fixed for two weeks with no activity.

I too struggled with understanding and setting up to protect user 1 and admin role users. Although I did get it to work exactly how I wanted, it did take far too long. The documentation is generous but I found it difficult to grasp the permission logic and how the settings affected permissions. It is always far more difficult to write documentation with an intimate understanding of how it all works than from the perspective of the new user who just wants to get it working. I am not new to Drupal or programming but it took me LOTS of trial and testing to get it working. I could see many people just giving up... I feel this module has great value so decided to contribute what I have learnt in the hope that the module remains active.

To protect user 1 the ability to grant roles must also be restricted. Since User Protect does not prevent a user from editing their own role there is nothing to prevent them from granting themselves 'Admin' role and then hijacking the user 1 account. I found by combining User Protect and Role Delegation it prevented this security risk and provided a way to delegate user management with tiered levels of permissions. So far they seem to work together with no problems.

So to spare others the frustration I've created a few how-to pages in 'Home/Beyond the basics/Contributed modules/User management modules' http://drupal.org/node/328336. Since I am a visual learner I started with a flowchart of the permission logic of User Protect http://drupal.org/node/328346. I'll ad the settings I used to delegate User Admin yet protect the admin role asap.

Thanks for the great module Chad!

Doug