"Thomas Barregren" wrote:
You write that "Incorrect use ... could limit the ability of the site administrator from properly administering the Drupal web site." How do you mean? The site administrator, e.g. user 1, always have all permissions irrespective of assigned roles. So how could his/hers ability be limited?
I mean that, unless one is very careful in the setting of access privileges, roles which can receive those privileges, and users assigned to those roles, then the ability of the Site Administrator to be fully (and only) in control of site features could be compromised. I only suggest that you take a special sentence or two to _very clearly_ tell the module user that they should be completely familiar with Drupal's role-permission access system. Already this system is complicated by a terrible UI [*] when there are more than 2 or 3 roles and a few dozen modules. To add another "meta layer" of "permission-granting permission" could leave a Site Admin (user = 1) baffled about some why some user/role is able/not able to take an action, and in the case of actual role creation/assignment and permission assignment, this could be disastrous. I'm not being overly cautious, I think, to encourage you to write an extremely clear description/help file and to specifically _warn/alert/notify/caution_ the module user about all the potential issues. -- inkfree [*] The UI for access control is, frankly, quite bad. Arbitrary width columns for roles and non-collapsible module-level "task permission" entries (table rows) make for a cumbersome and always changing UI. I hope that 5.0 brings some of that 'ajax' goodness to the administrative UI, so that things like "Settings", "Block Config", "Access Control" and similar tabular/sectioned lists can be better navigated and share a consistent interface.