Support Forums

Freddy · 02-04-2009, 08:34 AM

Hiya,

I have created a 2nd admin user account with reduced access settings using the "Administration Capabilities" section.

Logging in with this account you can go into edit user and bump yourself up to all areas and worse still you can remove access for the main admin account. I assume you can also delete it (I don't want to test this).

I must be doing something wrong?

I need reduced admin levels so that others can login and do some editing (including user settings) but not bump themselves or remove me!

I tried creating a new user group called 'mod' but the "Administration Capabilities" select isn't present for any group other than admin.

Plus when I drop the test user account from admin to 'mod' level and try to login with that account it says the user isn't registered when I try a password recovery.

Many thanks

**Lhotch** · 02-04-2009, 09:36 AM

Freddy,

We need to know what version of the script you are using.

Freddy · 02-04-2009, 09:47 AM

Apologises Larry.

v4.1.0 RC3 Designer

Thanks,
Fred

**Lhotch** · 02-04-2009, 09:51 AM

Quote:

Originally Posted by Freddy

Apologises Larry.

v4.1.0 RC3 Designer

Thanks,
Fred

Thats actually a BETA product and not even the most current one. What I recommend in situations like this is that you upgrade to the latest release candidate and if you still notice this problem click on the support link menu above the forum and chose "bug tracker". Then fill in the displayed form to get the issues reported to the developers so it can be looked into.

Freddy · 02-04-2009, 09:58 AM

Ah I see. Only purchased a few days ago.

Before I reported as a bug I wanted to see if I was doing something wrong

Didn't realise it was beta. I will install the latest non beta and try again.

Many thanks,
Fred

***Eric Barnes*** · 02-04-2009, 10:21 AM

Actually that is the way it was designed. The admin capabilities restricts access to certain pages in admin. It doesn't have a check to prevent them from editing their own capabilities if they have access to edit users.

That is a good idea though and I think that could be a very useful setting.

Freddy · 02-04-2009, 10:30 AM

Quote:

Originally Posted by Eric Barnes

Actually that is the way it was designed. The admin capabilities restricts access to certain pages in admin. It doesn't have a check to prevent them from editing their own capabilities if they have access to edit users.

That is a good idea though and I think that could be a very useful setting.

Thanks Eric for reply.

Surprised I'm the first to bring this up in all honesty. Fairly standard requirement for delegating back end tasks with minimal access.

That said I am loving the script

Fast support too!

Cheers,
Fred

***Eric Barnes*** · 02-04-2009, 10:32 AM

Thanks Fred. You know you are the first to mention this and it makes perfect sense. I would think just adding another checkbox will suffice in that section.

***Eric Barnes*** · 02-04-2009, 10:34 AM

Just added this to the tracker: http://www.68classifieds.com/forums/issue-258/

Freddy · 02-04-2009, 10:36 AM

Quote:

Originally Posted by Eric Barnes

Just added this to the tracker: http://www.68classifieds.com/forums/issue-258/

Thank you Sir.

02-04-2009, 08:34 AM	#1
Freddy Junior Member Join Date: Feb 2009 Posts: 16 Rep Power: 1	ANSWERED - Poor admin security settings for user groups? Hiya, I have created a 2nd admin user account with reduced access settings using the "Administration Capabilities" section. Logging in with this account you can go into edit user and bump yourself up to all areas and worse still you can remove access for the main admin account. I assume you can also delete it (I don't want to test this). I must be doing something wrong? I need reduced admin levels so that others can login and do some editing (including user settings) but not bump themselves or remove me! I tried creating a new user group called 'mod' but the "Administration Capabilities" select isn't present for any group other than admin. Plus when I drop the test user account from admin to 'mod' level and try to login with that account it says the user isn't registered when I try a password recovery. Many thanks Last edited by Freddy; 02-04-2009 at 10:37 AM.

02-04-2009, 09:36 AM	#2
Lhotch Moderator Join Date: Mar 2006 Posts: 4,040 Rep Power: 98	Freddy, We need to know what version of the script you are using. __________________ Larry. (Please note: I am not a 68C employee. I am a customer and volunteer who helps with questions where I can and the forums spam free) Set your site apart from the competition with one of my modules...... Google Map Module \| You Tube Module \| Google Calendar Module \| Event Calendar Module 68 Classifieds Important Links Customer Area \| Issue Tracker \| Knowledge Base \| User Manuals

02-04-2009, 10:21 AM	#6
*Eric Barnes* 68 Classifieds Staff Join Date: Mar 2006 Location: Belmont, NC Posts: 4,694 Rep Power: 108	Actually that is the way it was designed. The admin capabilities restricts access to certain pages in admin. It doesn't have a check to prevent them from editing their own capabilities if they have access to edit users. That is a good idea though and I think that could be a very useful setting. __________________ Eric Barnes 68 Classifieds Developer Please do not send me a private message asking for support. Instead use these open forums or our ticket system. Customer Area \| Issue Tracker \| Documentation \| 68C Mods \| Submit a Ticket \| 68 @ Twitter \| My Modules

02-04-2009, 10:32 AM	#8
*Eric Barnes* 68 Classifieds Staff Join Date: Mar 2006 Location: Belmont, NC Posts: 4,694 Rep Power: 108	Thanks Fred. You know you are the first to mention this and it makes perfect sense. I would think just adding another checkbox will suffice in that section. __________________ Eric Barnes 68 Classifieds Developer Please do not send me a private message asking for support. Instead use these open forums or our ticket system. Customer Area \| Issue Tracker \| Documentation \| 68C Mods \| Submit a Ticket \| 68 @ Twitter \| My Modules

02-04-2009, 10:34 AM	#9
*Eric Barnes* 68 Classifieds Staff Join Date: Mar 2006 Location: Belmont, NC Posts: 4,694 Rep Power: 108	Just added this to the tracker: http://www.68classifieds.com/forums/issue-258/ __________________ Eric Barnes 68 Classifieds Developer Please do not send me a private message asking for support. Instead use these open forums or our ticket system. Customer Area \| Issue Tracker \| Documentation \| 68C Mods \| Submit a Ticket \| 68 @ Twitter \| My Modules

02-04-2009, 09:47 AM	#3
Freddy Junior Member Join Date: Feb 2009 Posts: 16 Rep Power: 1	Apologises Larry. v4.1.0 RC3 Designer Thanks, Fred

02-04-2009, 09:58 AM	#5
Freddy Junior Member Join Date: Feb 2009 Posts: 16 Rep Power: 1	Ah I see. Only purchased a few days ago. Before I reported as a bug I wanted to see if I was doing something wrong Didn't realise it was beta. I will install the latest non beta and try again. Many thanks, Fred

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
User Groups	island1	HTML, CSS, and Design Help	2	01-15-2009 02:54 PM
Do listing settings apply to admin?	domino	v4 Questions & Support	2	09-13-2008 06:11 PM
seller stores & user groups	spaceboy	v4 Questions & Support	0	04-22-2007 01:31 PM
Removing security reasons in contact user section.	gabs	v3.1 Questions & Support	1	11-15-2006 10:46 AM
Memberships and User Groups	Don	v3.1 Questions & Support	4	05-18-2006 08:56 AM