There have been many forum discussions and feature requests pertaining to user/role permissions, but I haven't found one (yet) that covers this issue. It may solve many issues if the concept of Role is moved from the User Module into it's own module (likely the Role Module). This would enable more granularity of assignment of user permissions.

For instance, I would like a "second" level administrative user to be able to assign Roles to user accounts, but NOT be able to change the permissions for Roles. The Role Module would have it's own set of permissions. This may be a bit circular for the User Permissions handling, but with some thought it could be handled.

Comments

gpk’s picture

gpk commented
Title: Separate Role from User Module » Add "assign roles to users" permission
Version: 6.x-dev » 7.x-dev

Whether or not there is a separate role.module is I think not the issue here - it's a question of granularity of permissions, and this is not directly dependent on how core is broken down into modules. Note that we have been getting more granularity with every major release.

Changing the title since this is the only definite feature I can identify in your original post ;) If there are other permissions you believe should be added then feel free to amend.

Also changing version since no new features will be going into 6.x.

Finally, I have a feeling that there may be one or two contributed modules that let you do this sort of thing. If you find any perhaps you could post back here.

Feet’s picture

Feet commented

I was looking to do the same thing. And after reading this I found http://drupal.org/project/roleassign which does the trick for me.

sun.core’s picture

sun.core commented
Version: 7.x-dev » 8.x-dev
droplet’s picture

droplet commented

sub

marcingy’s picture

marcingy commented

Another start point for core is http://drupal.org/project/role_delegation

josevitalsouto’s picture

josevitalsouto
Primary language Portuguese, Brazil
Location RN
commented

This is an important feature for permissions granularity.

Version: 8.0.x-dev » 8.1.x-dev

Drupal 8.0.6 was released on April 6 and is the final bugfix release for the Drupal 8.0.x series. Drupal 8.0.x will not receive any further development aside from security fixes. Drupal 8.1.0-rc1 is now available and sites should prepare to update to 8.1.0.

Bug reports should be targeted against the 8.1.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.2.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.1.x-dev » 8.2.x-dev

Drupal 8.1.9 was released on September 7 and is the final bugfix release for the Drupal 8.1.x series. Drupal 8.1.x will not receive any further development aside from security fixes. Drupal 8.2.0-rc1 is now available and sites should prepare to upgrade to 8.2.0.

Bug reports should be targeted against the 8.2.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.3.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

dpi’s picture

dpi
Location Perth, Australia
commented
Version: 8.2.x-dev » 8.3.x-dev
Issue summary: View changes
Issue tags: +role delegation
Related issues: +#151311: Split 'administer permissions' into a new administer roles permissions

Similar to #151311: Split 'administer permissions' into a new administer roles permissions

Version: 8.3.x-dev » 8.4.x-dev

Drupal 8.3.0-alpha1 will be released the week of January 30, 2017, which means new developments and disruptive changes should now be targeted against the 8.4.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.4.x-dev » 8.5.x-dev

Drupal 8.4.0-alpha1 will be released the week of July 31, 2017, which means new developments and disruptive changes should now be targeted against the 8.5.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.5.x-dev » 8.6.x-dev

Drupal 8.5.0-alpha1 will be released the week of January 17, 2018, which means new developments and disruptive changes should now be targeted against the 8.6.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.6.x-dev » 8.7.x-dev

Drupal 8.6.0-alpha1 will be released the week of July 16, 2018, which means new developments and disruptive changes should now be targeted against the 8.7.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.7.x-dev » 8.8.x-dev

Drupal 8.7.0-alpha1 will be released the week of March 11, 2019, which means new developments and disruptive changes should now be targeted against the 8.8.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

mmbk’s picture

mmbk
Primary language German
Location Meißen
commented
Assigned: Unassigned » mmbk
mmbk’s picture

mmbk
Primary language German
Location Meißen
commented
Assigned: mmbk » Unassigned
eelkeblok’s picture

eelkeblok
he/him
Primary language Dutch
Location Netherlands 🇳🇱
commented

Not sure if there are any more issues about similar stuff, but we have an internal module that adds the following permissions:

* Assign (or revoke) specific roles.
* Edit users with specific roles (if a user has a role that another does not have permission for to edit users with the role, the second user does not get to edit them).
* Administer the permissions for specific roles (does not allow assigning permisions the user does not have themselves).

This solves what is in effect a core bug (actually come to think of it, that would probably be lying around somewhere..?), namely that if someone has the administer permissions and/or administer users permissions they basically get to assign themselves absolute power.

eelkeblok’s picture

eelkeblok
he/him
Primary language Dutch
Location Netherlands 🇳🇱
commented
Related issues: +#48544: Do not let grant more permissions than you actually have

Found another related issue, #48544: Do not let grant more permissions than you actually have.

Version: 8.8.x-dev » 8.9.x-dev

Drupal 8.8.0-alpha1 will be released the week of October 14th, 2019, which means new developments and disruptive changes should now be targeted against the 8.9.x-dev branch. (Any changes to 8.9.x will also be committed to 9.0.x in preparation for Drupal 9’s release, but some changes like significant feature additions will be deferred to 9.1.x.). For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 8.9.x-dev » 9.1.x-dev

Drupal 8.9.0-beta1 was released on March 20, 2020. 8.9.x is the final, long-term support (LTS) minor release of Drupal 8, which means new developments and disruptive changes should now be targeted against the 9.1.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 9.1.x-dev » 9.2.x-dev

Drupal 9.1.0-alpha1 will be released the week of October 19, 2020, which means new developments and disruptive changes should now be targeted for the 9.2.x-dev branch. For more information see the Drupal 9 minor version schedule and the Allowed changes during the Drupal 9 release cycle.

Version: 9.2.x-dev » 9.3.x-dev

Drupal 9.2.0-alpha1 will be released the week of May 3, 2021, which means new developments and disruptive changes should now be targeted for the 9.3.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.3.x-dev » 9.4.x-dev

Drupal 9.3.0-rc1 was released on November 26, 2021, which means new developments and disruptive changes should now be targeted for the 9.4.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.4.x-dev » 9.5.x-dev

Drupal 9.4.0-alpha1 was released on May 6, 2022, which means new developments and disruptive changes should now be targeted for the 9.5.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.5.x-dev » 10.1.x-dev

Drupal 9.5.0-beta2 and Drupal 10.0.0-beta2 were released on September 29, 2022, which means new developments and disruptive changes should now be targeted for the 10.1.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 10.1.x-dev » 11.x-dev

Drupal core is moving towards using a “main” branch. As an interim step, a new 11.x branch has been opened, as Drupal.org infrastructure cannot currently fully support a branch named main. New developments and disruptive changes should now be targeted for the 11.x branch, which currently accepts only minor-version allowed changes. For more information, see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 11.x-dev » main

Drupal core is now using the main branch as the primary development branch. New developments and disruptive changes should now be targeted to the main branch.

Read more in the announcement.