Permit own permissions
- pwn
- to utterly own someone
Problem:
A site is beautifully set up and guards against catastrophic user error (blowing things up) while giving the person you made it for as much flexibility and power to add to it as is possible... almost.
He can't change what permissions other roles have... unless you give him administer permissions.
Now Mr. Just-Learned-Drupal-From-You (in five-minute impromptu sessions because he cut the training budget from the project) can see the configure nuclear options permission, and he thinks it would be nifty to play around with that himself.
Before his assistants can use their delegated permissions, on the day of his Superbowl ad announcing the site he puts it into offline mode, the smiling blue Druplicon becomes that much more (in)famous, and he sues you for a half-million dollars.
Don't let this happen to you!
Solution:
Permit own permissions provides the share permissions permission. A user in a role with this permission can grant (or revoke) any permission that she has.
It's that simple. That's why we needed a big lead-up.
For getting something like this into Drupal core, potentially, see Do not let grant more permissions than you actually have.
For modules providing additional, finer-grained ability to authorize other users to do things, see Role delegation, Delegate menu administration, and Taxonomy delegate
This delegation-enhancing module is, ironically, contributed by the the non-hierarchical, equality-for-all collective known as agaric.
