Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
In some cases it is useful, when you can define, who is allowed to set the admin role.
For example you have a role, who can edit the user settings, but is not allowed to edit the permissions. If the role can set the admin role, then the person can hijack the whole system.
I add this feature / bug fix to module. Here is the patch for it. It would be nice, if some one can add this to the code.
Comment | File | Size | Author |
---|---|---|---|
New File (if some problem exists with the diff file) | 2.02 KB | customweb | |
Diff File | 618 bytes | customweb | |
Comments
Comment #1
Dave ReidThe module follows the same policy as Drupal 7, which is anyone with 'administer users' can change the admin role settings.