Permissions subset

Provides a copy of the standard Permissions form for users that don't have the permission "administer permissions", but do have the permission "access subpermission form". The form looks identical to the standard Permissions form, but with only a subset of the standard Permissions. Permissions marked as "restricted" are always removed from the form.

An administrator (with the permission "administer subpermissions") must specify which permissions should be displayed on the subpermission form.

This module is intended to be used by the creator of a site (UID 1) that does not want to be the maintainer of a site. The creator can then give free reign to another role/user including allowing that user to tweak permissions settings, whilst safe in the knowledge that the user will not be able to assign security risk permissions (like the "press red button" permission provided by the Nuke module)

Development of this module was carried out by Simon Rycroft and funded in part by the ViBRANT Scratchpads project

Note, this module is inherently safer than the Permissions Lock module, which would leave all permissions open to change if accidentally uninstalled or deleted. It also works on the same principle as a whitelist, requiring site creators to specify which permissions are editable - the Permissions Lock module works on the same principle as a blacklist, requiring permissions to be marked as "locked". This could leave a site vulnerable if a module were installed whose permissions are a security risk, or you may simply have overlooked a permission in the list, forgetting to disable it.