Permit own permissions provides a new permission, share permissions, and anyone given this permission can add or remove any permission she has from any role. They will be able to access admin/people/permissions
A site is beautifully set up and guards against catastrophic user error (blowing things up) while giving the person you made it for as much flexibility and power to add to it as is possible... almost.
He can't change what permissions other roles have or even what roles another user has... unless you give him administer permissions.
Now Mr. Just-Learned-Drupal-From-You (in five-minute impromptu sessions because he cut the training budget from the project) can see the configure nuclear options permission, and he thinks it would be nifty to play around with that himself.
Before his assistants can use their delegated permissions, on the day of his Superbowl ad announcing the site he puts it into offline mode, the smiling blue Druplicon becomes that much more (in)famous, and he sues you for a half-million dollars.
Don't let this happen to you!
Permit own permissions provides the share permissions permission, and the share permissions through roles.
Share Permissions: A user in a role with this permission can grant (or revoke) any permission that she has.
Share Permissions through Roles: A user in a role with this permission can grant (or revoke) any role that contains permissions s/he has. If a role has a permission that the user does not have, then that user does not have permission to grant that role.
It's that simple. That's why we needed a big lead-up.
For getting something like this into Drupal core, potentially, see Do not let grant more permissions than you actually have.
For modules providing users to assign roles to other users (but not access the permissions page) see Role Assign or the more complex Role delegation. For additional, finer-grained ability to authorize other users to do things, see Menu administratino per menu, and Taxonomy delegate
This delegation-enhancing module is, ironically, contributed by the the non-hierarchical, equality-for-all collective known as agaric. Kathleen Murtagh continued to develop it and Fox ported it to Drupal 7.
The name comes from slang:
- to utterly own someone
and is not to be taken literally.