Sudo like functionality (elevate to adminrole)
metzlerd - May 12, 2009 - 14:01
| Project: | Admin Role |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | won't fix |
Jump to:
Description
Would like to see the ability for certain users to the adminrole. I'm willing to role some patches, but would like to know whether this seems like a good idea from maintainers perspective. This would allow admins to function as normal site participants until they elevated to to the adminrole.
#1
Ref. this post:
"Adminrole security hole: admins can assign themselves full permissions"
http://drupal.org/node/375954
If I understand your feature request properly, then you are suggesting that instead of doing the check that requires "administer permissions", then instead the module should add a permission setting where roles can be assigned to give them access to adjust adminrole settings.
#2
Further on this:
In conjunction with the Masquerade module, such "sudo" like behaviour could possibly be arranged, have not given that serious thought, though. But if so, that would require that the mentioned security hole is fixed.
#3
Don't think this is appropriate for this module (whereas there is Masquerade and User switcher). This should stay a simple backport of the D7 functionality.