Prevent user from adding themselves to administrator group

Permalink 2 users found helpful
I've created a scaled down admin group called "editors" that hides some features that a client doesn't need to see. The problem is, the client needs access to add/edit/delete users and groups and with that ability, keeps adding themselves to the Administrator group. Is there any way to prevent this?

hursey013
View Replies:
mose replied on at Permalink Reply
mose
It is a bit misleading, but the Administrators group is really no different than any other group. The only real, all-powerful admin is admin. What sets the Administrators group apart from all other groups is that it is added to pages with permissions during installation. You can think of it more as the default group.

What you are really asking, then, is if there is a way to prevent a user from adding themselves to group X, where X is any group, and the answer is, "No". If the user has access to User and Groups, then they can add any user to any group, including Administrators.

In order to change this behavior, you would have to alter the code. You could put a check in the section that lists groups. If the user is not in the Administrators group, it doesn't list the Administrators group. You could even get fancy and only allow a user to add people to the groups to which the user belongs. So, they would be a "group admin". That sounds like that might have some potential. I just might have to look into that. :-)
hursey013 replied on at Permalink Reply
hursey013
Thanks for the info mose. If you do put something together let me know - could definitely come in handy down the road. I would prefer the peace of mind knowing that a client isn't messing around with page defaults and sitewide settings if I've hidden those features from them in the dashboard, but with limited php smarts I'll have to trust them for now!
stressdesign replied on at Permalink Reply
stressdesign
Hi Mose... this is a good description of this functionality... it's been 12 months since this thread started.... does anyone have additional info on this topic? Is there a way to have more discretion with group access?
zoinks replied on at Permalink Reply
Wow, I'm glad I figured out how to search this specifically enough to find the answer.

So... Admin Group is not really dangerous? I was worried about the client adding a user and then adding it to the Admin Group and then destroying the site.
olsgreen replied on at Permalink Reply 1 Attachment
olsgreen
I've created a package (based on 5.4.2) that disables users that are not either a super user or an existing administrator from adding users to the administrators group. Please note I built this for 5.4.2.X, it'll probably work for prior versions but probably not on 5.5.X.
jacknjean replied on at Permalink Reply
jacknjean
Might you be thinking of updating this for 5.5?