You are here

Home » API reference » RoleAssign 8

README.txt in RoleAssign 8

Same filename and directory in other branches
  1. 6 README.txt
  2. 7.2 README.txt
  3. 7 README.txt
ROLEASSIGN
==========

RoleAssign specifically allows site administrators to further delegate
the task of managing user's roles.

RoleAssign introduces a new permission called 'assign roles'. Users
with this permission are able to assign selected roles to still other
users. Only users with the 'administer permissions' permission may
select which roles are available for assignment through this module.

This module was developped by TBarregren and is now maintained by salvis.
Drupal 7 port by salvis.
Drupal 8 port by svendecabooter and tkuldeep17.


BACKGROUND
----------

It is possible for site administrators to delegate the user
administration through the 'administer users' permission. But that
doesn't include the right to assign roles to users. That is necessary if
the delegatee should be able to administrate user accounts without
intervention from a site administrator.

To delegate the assignment of roles, site administrators have had until
now no other choice than also grant the 'administer permissions'
permission. But that is not advisable, since it gives right to access
all roles, and worse, to grant any rights to any role. That can be
abused by the delegatee, who can assign himself all rights and thereby
take control over the site.

This module solves this dilemma by introducing the 'assign roles'
permission. While editing a user's account information, a user with this
permission will be able to select roles for the user from a set of
available roles. Roles available are configured by users with the
'administer permissions' permission.


INSTALL
-------

1. Copy the entire 'roleassign' directory, containing the
'roleassign.module' and other files, to your Drupal modules directory.

2. Log in as site administrator.

3. Go to the administration page for modules and enable the module.


CONFIGURATION
-------------

1. Log in as site administrator.

2. Go to the Permissions page (people/permissions) and grant the 'assign roles'
permission to those roles that should be able to assign roles to other users.
Notice that besides the 'assign roles' permission, these roles also must have
the 'administer users' permission.

3. Go to the administration page for RoleAssign (people/permissions/roleassign)
and select those roles that should be available for assignment by users with
'assign roles' permission.

4. For each user that should be able to assign roles, go to the user's account
and select a role with both the 'assign roles' and the 'administer users'
permissions.

Beware: Granting the 'administer users' permission to users will allow them to
modify admin passwords or email addresses. The User Protect module can help to
prevent this. RoleAssign will protect user 1's name, email, and password fields,
but it won't protect any other accounts.


USAGE
-----

1. Log in as a user with both the 'assign roles' and the 'administer users'
permissions.

2. To change the roles of a user, go to the user's account and review the
assignable roles and change them as necessary.


BEWARE
------

'Administer users' is and remains a security-critical permission that must NOT
be given to untrusted users! RoleAssign will keep your assistant admins within
their limits, but if you introduce alternative ways to edit users, assign roles,
or give permissions (like the "Administration: Users" view in the popular
Administration Views module), then you may be opening up ways for your
assistant admins to gain additional privileges.

File

README.txt
View source 
  1. ROLEASSIGN

  2. ==========

  3. 

  4. RoleAssign specifically allows site administrators to further delegate

  5. the task of managing user's roles.

  6. 

  7. RoleAssign introduces a new permission called 'assign roles'. Users

  8. with this permission are able to assign selected roles to still other

  9. users. Only users with the 'administer permissions' permission may

  10. select which roles are available for assignment through this module.

  11. 

  12. This module was developped by TBarregren and is now maintained by salvis.

  13. Drupal 7 port by salvis.

  14. Drupal 8 port by svendecabooter and tkuldeep17.

  15. 

  16. 

  17. BACKGROUND

  18. ----------

  19. 

  20. It is possible for site administrators to delegate the user

  21. administration through the 'administer users' permission. But that

  22. doesn't include the right to assign roles to users. That is necessary if

  23. the delegatee should be able to administrate user accounts without

  24. intervention from a site administrator.

  25. 

  26. To delegate the assignment of roles, site administrators have had until

  27. now no other choice than also grant the 'administer permissions'

  28. permission. But that is not advisable, since it gives right to access

  29. all roles, and worse, to grant any rights to any role. That can be

  30. abused by the delegatee, who can assign himself all rights and thereby

  31. take control over the site.

  32. 

  33. This module solves this dilemma by introducing the 'assign roles'

  34. permission. While editing a user's account information, a user with this

  35. permission will be able to select roles for the user from a set of

  36. available roles. Roles available are configured by users with the

  37. 'administer permissions' permission.

  38. 

  39. 

  40. INSTALL

  41. -------

  42. 

  43. 1. Copy the entire 'roleassign' directory, containing the

  44. 'roleassign.module' and other files, to your Drupal modules directory.

  45. 

  46. 2. Log in as site administrator.

  47. 

  48. 3. Go to the administration page for modules and enable the module.

  49. 

  50. 

  51. CONFIGURATION

  52. -------------

  53. 

  54. 1. Log in as site administrator.

  55. 

  56. 2. Go to the Permissions page (people/permissions) and grant the 'assign roles'

  57. permission to those roles that should be able to assign roles to other users.

  58. Notice that besides the 'assign roles' permission, these roles also must have

  59. the 'administer users' permission.

  60. 

  61. 3. Go to the administration page for RoleAssign (people/permissions/roleassign)

  62. and select those roles that should be available for assignment by users with

  63. 'assign roles' permission.

  64. 

  65. 4. For each user that should be able to assign roles, go to the user's account

  66. and select a role with both the 'assign roles' and the 'administer users'

  67. permissions.

  68. 

  69. Beware: Granting the 'administer users' permission to users will allow them to

  70. modify admin passwords or email addresses. The User Protect module can help to

  71. prevent this. RoleAssign will protect user 1's name, email, and password fields,

  72. but it won't protect any other accounts.

  73. 

  74. 

  75. USAGE

  76. -----

  77. 

  78. 1. Log in as a user with both the 'assign roles' and the 'administer users'

  79. permissions.

  80. 

  81. 2. To change the roles of a user, go to the user's account and review the

  82. assignable roles and change them as necessary.

  83. 

  84. 

  85. BEWARE

  86. ------

  87. 

  88. 'Administer users' is and remains a security-critical permission that must NOT

  89. be given to untrusted users! RoleAssign will keep your assistant admins within

  90. their limits, but if you introduce alternative ways to edit users, assign roles,

  91. or give permissions (like the "Administration: Users" view in the popular

  92. Administration Views module), then you may be opening up ways for your

  93. assistant admins to gain additional privileges.

  94.