Currently the 'administer group' global permission manages access to global OG configuration and give also the all the permissions inside all the groups.

I suggest to split this permission in two others :

  • administer organic groups : to access OG global settings
  • bypass all organic groups permissions : to be granted of all groups permissions

What do you think about it ?


amitaibu’s picture

> to access OG global settings

Not sure what you mean by that.

DuaelFr’s picture

> to access OG global settings

I mean for all admin/config/group pages or more generally everything that is not controlled by og_user_access

DuaelFr’s picture

Amitai do you have any opinion about this ? Do you want me to provide a patch ?

I have users who needs a kind of moderator rights on the groups but not the right to change default OG settings. I think, in a more general way, that we should separate permissions to let administrators fit to their own needs more easily.

alesr’s picture

Administer group permission is too powerful.
There's now way without implementing a hook to deny a user with Administer group permission not to delete or update group content from other user.