Custom Admin Permissions?

[Thomasss]

How many of you guys use custom admin permissions?

For example on XenForo, MyBB, (and I think IPB?) you have have custom permissions for each individual, so in essence you would be giving them ACP rights just not full on ACP rights, only the things you allow.

For me, I only certain mods of mine to access the ACP's profile editor, banning, and warnings so they can update the warning system if the need was there. I find it pretty handy to have admins that are not really admins, you know? How many of you guys use custom perms?

 

[Nebulous]

On my forum an admin is an admin and a mod is a mod. Admins can access the entire ACP and moderators have their tools out on the forum itself. Seems to work for us just fine. 😛

 

[Cosmic]

I've set these up before. I usually ease admins into permissions, at least on forums I own.

 

[Gizmo]

phpBB also has an extensive permission system for both groups and users. 🙂
I love fiddling with admin permissions 😛

 

[Reverie]

I give some admins access to just theme editing. For the most part my real admins have full access. If they are staff who also help they can get limited access to the Admin CP. 🙂

 

[Allenafaith]

The super moderators get limited ACP access and the administrators get full ACP access. I don't limit anything for full administrators. The super moderators would only have access to user groups etc, so they could activate members and ban through the ACP or block certain things from them.

 

[Cosmic]

The super moderators get limited ACP access and the administrators get full ACP access. I don't limit anything for full administrators. The super moderators would only have access to user groups etc, so they could activate members and ban through the ACP or block certain things from them.

Make sure to be careful with that. If they have access to edit user groups, they might be able to make themselves admins. 😛

I'd recommend against giving ACP access to anyone who is not highly trusted. Some form software makers are lazy with their security on the ACP end, which means there may be a workaround that allows a mod to escalate their privileges, or do something dangerous, like perma-deleting all a member's posts.

 

[Thomasss]

The super moderators get limited ACP access and the administrators get full ACP access. I don't limit anything for full administrators. The super moderators would only have access to user groups etc, so they could activate members and ban through the ACP or block certain things from them.

Make sure to be careful with that. If they have access to edit user groups, they might be able to make themselves admins. 😛

I'd recommend against giving ACP access to anyone who is not highly trusted. Some form software makers are lazy with their security on the ACP end, which means there may be a workaround that allows a mod to escalate their privileges, or do something dangerous, like perma-deleting all a member's posts.

Make sure to be careful with that. If they have access to edit user groups, they might be able to make themselves admins. 😛

^^This. I've been promoted a few times on MyBB forums and was able to put myself in the admin groups, (not that I did) but I would be very careful with that. 😛 Dunno how it works on other softwares however I think it's pretty much the same. Unless you know the person well enough I would not give them user group perms. 😛 Usually banning people can be achieved without giving someone permissions to edit profiles, and on MyBB activating members works the same.

 

[Grumpy]

The custom admin permissions are always useful to give moderators access to certain things. If you know a bit of code aswell you can further specify permissions to give, to limit them from being able to change user permissions to admin etc to prevent the kind of thing described above.

 

[Cosmic]

The super moderators get limited ACP access and the administrators get full ACP access. I don't limit anything for full administrators. The super moderators would only have access to user groups etc, so they could activate members and ban through the ACP or block certain things from them.

Make sure to be careful with that. If they have access to edit user groups, they might be able to make themselves admins. 😛

I'd recommend against giving ACP access to anyone who is not highly trusted. Some form software makers are lazy with their security on the ACP end, which means there may be a workaround that allows a mod to escalate their privileges, or do something dangerous, like perma-deleting all a member's posts.

Make sure to be careful with that. If they have access to edit user groups, they might be able to make themselves admins. 😛

^^This. I've been promoted a few times on MyBB forums and was able to put myself in the admin groups, (not that I did) but I would be very careful with that. 😛 Dunno how it works on other softwares however I think it's pretty much the same. Unless you know the person well enough I would not give them user group perms. 😛 Usually banning people can be achieved without giving someone permissions to edit profiles, and on MyBB activating members works the same.

There's an annoying bug in IPB 3 where a moderator can ban themselves and then chose what user group to put themselves into. They can chose any user group that doesn't have admin access. So, if there is a usergroup that's not an admin but has higher privileges than them, then they can put themselves in that usergroup using the ban tool. And if they uncheck the "suspend" checkbox, they aren't even banned. 😛

 

[Thomasss]

The super moderators get limited ACP access and the administrators get full ACP access. I don't limit anything for full administrators. The super moderators would only have access to user groups etc, so they could activate members and ban through the ACP or block certain things from them.

Make sure to be careful with that. If they have access to edit user groups, they might be able to make themselves admins. 😛

I'd recommend against giving ACP access to anyone who is not highly trusted. Some form software makers are lazy with their security on the ACP end, which means there may be a workaround that allows a mod to escalate their privileges, or do something dangerous, like perma-deleting all a member's posts.

Make sure to be careful with that. If they have access to edit user groups, they might be able to make themselves admins. 😛

^^This. I've been promoted a few times on MyBB forums and was able to put myself in the admin groups, (not that I did) but I would be very careful with that. 😛 Dunno how it works on other softwares however I think it's pretty much the same. Unless you know the person well enough I would not give them user group perms. 😛 Usually banning people can be achieved without giving someone permissions to edit profiles, and on MyBB activating members works the same.

There's an annoying bug in IPB 3 where a moderator can ban themselves and then chose what user group to put themselves into. They can chose any user group that doesn't have admin access. So, if there is a usergroup that's not an admin but has higher privileges than them, then they can put themselves in that usergroup using the ban tool. And if they uncheck the "suspend" checkbox, they aren't even banned. 😛

Oh that's a nifty little but ain't it. :lol:

 

[Cosmic]

The super moderators get limited ACP access and the administrators get full ACP access. I don't limit anything for full administrators. The super moderators would only have access to user groups etc, so they could activate members and ban through the ACP or block certain things from them.

Make sure to be careful with that. If they have access to edit user groups, they might be able to make themselves admins. 😛

I'd recommend against giving ACP access to anyone who is not highly trusted. Some form software makers are lazy with their security on the ACP end, which means there may be a workaround that allows a mod to escalate their privileges, or do something dangerous, like perma-deleting all a member's posts.

Make sure to be careful with that. If they have access to edit user groups, they might be able to make themselves admins. 😛

^^This. I've been promoted a few times on MyBB forums and was able to put myself in the admin groups, (not that I did) but I would be very careful with that. 😛 Dunno how it works on other softwares however I think it's pretty much the same. Unless you know the person well enough I would not give them user group perms. 😛 Usually banning people can be achieved without giving someone permissions to edit profiles, and on MyBB activating members works the same.

There's an annoying bug in IPB 3 where a moderator can ban themselves and then chose what user group to put themselves into. They can chose any user group that doesn't have admin access. So, if there is a usergroup that's not an admin but has higher privileges than them, then they can put themselves in that usergroup using the ban tool. And if they uncheck the "suspend" checkbox, they aren't even banned. 😛

Oh that's a nifty little but ain't it. :lol:

Yeah. 😛 One of my staff once used this to see the admin board on one of my forums *cough* John *cough*. Not intentionally, of course. 😛

I saw a thread about it on the IPB forums. Staff said it was a feature, not a bug. :lol: Hopefully it's gone in IPB 4.

 

[VirusZero]

I've used the admin permissions in the past so I could give someone access to the skin section without giving them complete access.

Though for admins I generally wouldn't bother changing their permissions. I've promoted them because I trust their judgement so no reason to remove access to features they may need to do their job. (Unless, for example, I had an admin who they wanted nothing to do with skin development and didn't even want to see that section. In that case I might pull their privileges just to comply with what they wanted. But that's not because I don't trust them...)

 

[Allenafaith]

The super moderators get limited ACP access and the administrators get full ACP access. I don't limit anything for full administrators. The super moderators would only have access to user groups etc, so they could activate members and ban through the ACP or block certain things from them.

Make sure to be careful with that. If they have access to edit user groups, they might be able to make themselves admins. 😛

I'd recommend against giving ACP access to anyone who is not highly trusted. Some form software makers are lazy with their security on the ACP end, which means there may be a workaround that allows a mod to escalate their privileges, or do something dangerous, like perma-deleting all a member's posts.

Yeah, you have a good point there. I usually only make people I really really trust a super moderator so hopefully I won't have any problem with it, though.

 

[Cosmic]

The super moderators get limited ACP access and the administrators get full ACP access. I don't limit anything for full administrators. The super moderators would only have access to user groups etc, so they could activate members and ban through the ACP or block certain things from them.

Make sure to be careful with that. If they have access to edit user groups, they might be able to make themselves admins. 😛

I'd recommend against giving ACP access to anyone who is not highly trusted. Some form software makers are lazy with their security on the ACP end, which means there may be a workaround that allows a mod to escalate their privileges, or do something dangerous, like perma-deleting all a member's posts.

Yeah, you have a good point there. I usually only make people I really really trust a super moderator so hopefully I won't have any problem with it, though.

Unless there's clear need, I still don't think this access should be granted. Moderators don't really need to edit profiles. Admins can do that type of thing when it's needed, which it's only needed once every few months, if at all.

 

[Teg]

ProBoards allows an unlimited amount of groups. That being said, I can put certain users into a group and assign whatever ACP options I want to give them... I do have that set up currently as well. One of my Mod Squad members (the TL) has almost full admin functions as he also helps with code/template errors.

 

[Cierra]

Yes, I use them for my team leaders and they are pretty handy for that.

 

[cabaye2]

I think it's pretty much the same. Unless you know the person well enough I would not give them user group perms. 🙁

 

[Dregran]

I don't think it's necessary to customise admin abilities unless you're only giving some ACP access for a very specific cause, like editing themes for example. Admins will only be promoted to admins if they can be trusted, so I don't see a need in restricting access until their competence has been tested. Distrustful and incompetence admins can be removed anyhow. 😛

As for mods, I don't think they should have any ACP access, and if they do it should relate directly to moderating. Ironically on the two sites I currently am mod on I have a bit of ACP access that's unrelated to actual moderating. 😛