Disable ability to add user to admin user group, unless user himself has admin rights

[vierkantemeter]

Disable ability to add a user to the admin user group, unless the user who is trying to do this has admin rights himself. (Or; restrict users to add new users with higher permissions than they have themselves)

Now, content-editors with permissions to add new users can also create admin users, or give themselves admin rights.

This is a huge security flaw in my view, becasue I have content-editors who would like to.. experiment. ;)

[exside]

+1

[ReSpawN]

+1, with an additional option to restrict it to SUDO (some of our customers are experienced MODX-ers themselfs but we don't want them to create new Admins, that's restricted to SUDO users.

[thomasd]

👍

[wuuti]

+1

[pixelchutes]

👍

[jpdevries]

Or herself ;)—
Sent from Mailbox for iPhone

On Thu, Apr 17, 2014 at 2:11 AM, Jens Külzer notifications@github.com
wrote:

+1

Reply to this email directly or view it on GitHub:
#11208 (comment)

[ReSpawN]

... yes, that too ...

[pixelchutes]

I am currently looking into this and am curious how others would prefer to see this approached?

For example:

• Only allow Manager users to assign Roles lesser than (or equal to) the max Authority level of their currently assigned Roles, e.g.:
  • Prevent adding others (or themselves) to Administrator group with a lower Authority e.g. Super User Role
  • Allow assigning to any possible User Groups OR somehow provide a way to limit to certain Groups (similar to aforementioned Role restrictions?)
  • Prevent enabling the sudo flag
• Preventing Edits (and Viewing Profiles?) of higher ranked users (determined by Role > Authority).
• Sudo handling:
  • Only a sudo user can access / edit / assign Roles to another sudo user.
  • Administrators with Super User Role: Yes/No?
• Can any changes to privilege escalation handling be applied without the introduction of additional Permissions / Policies?
• Other?

Also, this issue appears related to #7547 and #10443

[exside]

I think

• Prevent adding others (or themselves) to Administrator group with a lower Authority e.g. Super User Role

and

• Sudo handling:
  Only a sudo user can access / edit / assign Roles to another sudo user.
  Administrators with Super User Role: Yes

would be fine for me