Permit own permissions provides a new permission, share permissions, and anyone given this permission can add or remove any permission she has from any role. They will be able to access admin/people/permissions

Problem:

A site is beautifully set up and guards against catastrophic user error (blowing things up) while giving the person you made it for as much flexibility and power to add to it as is possible... almost.

He can't change what permissions other roles have or even what roles another user has... unless you give him administer permissions.

Now Mr. Just-Learned-Drupal-From-You (in five-minute impromptu sessions because he cut the training budget from the project) can see the configure nuclear options permission, and he thinks it would be nifty to play around with that himself.

Before his assistants can use their delegated permissions, on the day of his Superbowl ad announcing the site he puts it into offline mode, the smiling blue Druplicon becomes that much more (in)famous, and he sues you for a half-million dollars.

Don't let this happen to you!

Solution:

Permit own permissions provides the share permissions permission, and the share permissions through roles.

Share Permissions: A user in a role with this permission can grant (or revoke) any permission that she has.

Share Permissions through Roles: A user in a role with this permission can grant (or revoke) any role that contains permissions s/he has. If a role has a permission that the user does not have, then that user does not have permission to grant that role.

It's that simple. That's why we needed a big lead-up.

For getting something like this into Drupal core, potentially, see Do not let grant more permissions than you actually have.

For modules providing users to assign roles to other users (but not access the permissions page) see Role Assign or the more complex Role delegation. For additional, finer-grained ability to authorize other users to do things, see Menu administratino per menu, and Taxonomy delegate

This delegation-enhancing module is, ironically, contributed by the the non-hierarchical, equality-for-all collective known as agaric. Kathleen Murtagh continued to develop it and Fox ported it to Drupal 7.

The name comes from slang:

pwn
to utterly own someone

and is not to be taken literally.

Supporting organizations: 
Agaric
Conceived and built.

Project information

  • caution Minimally maintained
    Maintainers monitor issues, but fast responses are not guaranteed.
  • caution Maintenance fixes only
    Considered feature-complete by its maintainers.
  • Module categories: Administration Tools, Access Control
  • Created by mlncn on , updated
  • shieldStable releases for this project are covered by the security advisory policy.
    Look for the shield icon below.

Releases

7.x-1.0 Stable release covered by the Drupal Security Team released 6 September 2014
Works with Drupal: 7.x
✓ Recommended by the project’s maintainer.

Development version: 7.x-1.x-dev updated 6 Sep 2014 at 21:18 UTC

Using Composer to manage Drupal site dependencies