Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Related to Issue #599342: document security threat of permission 'administer users ' and regarding this text:
Beware: Granting the 'administer users' permission to users will allow them to modify admin passwords or email addresses or even delete the site administrator account. The User Protect module can prevent this.
I was happy to find that, in addition to a fix in core that prohibits the deletion of user 1, Role Assign now offers some added protection for this account by making fields 'name', 'email' and 'pass' uneditable.
Should the README be updated to reflect this?
Great module! Thanks a lot!
Comments
Comment #1
salvisThank you for your feedback and analysis.
I've updated README.txt for D7. I don't think it's worth the trouble for D6 anymore.