Increased granularity for user permissions

Topics: Core
Dec 17, 2014 at 3:51 PM
Edited Dec 17, 2014 at 3:51 PM
I'd like to suggest we add more granular control to the way that users can assign permissions and roles.

I think it'd be good if certain users could only assign roles or permissions that they themselves have. We could possibly even implement a 'with grant' state so that we can flag which permissions or roles individual users can assign to others.

What are people's thoughts?
Dec 19, 2014 at 11:29 AM
Interesting idea about the "grant" feature: we could have automatically generated "grant" permissions for each of the permissions (though this might be an overkill and clutter the permission list). This could be handled by the Roles module in addition to the Manage Roles permission.
Jan 16, 2015 at 10:04 AM

we could really use this. We delegate some control of our business sites to our clients. They need to be able to manage roles and the users in the site, but should not be able to bootstrap themselves to SiteOwner or import/export control.

Should we raise this as an issue now?
Jan 16, 2015 at 11:46 AM
Yes please!