"Mark Hope" wrote:
I support the idea.
The ability to let other users handle the assignment of roles is...well, possibly useful. It's a good idea to be able to automate/delegate all kinds of permissions, and so this makes sense to me, too. With some concerns... This module, in core, should include some pretty stringent logic to prevent the site admin (user = 1) from letting any generic user (user 1) create or assign themselves a role which has destructive potential. This might be simple enough by providing an "access grid" UI where the site admin could mark specific access features as "excluded from RoleAssign created roles". Another way to say this is that, as core or contrib modules add access right rows to the table, the admin should be able to include/exclude those rights from be "assignable" through any ModuleX (RoleAssign, in this case.)
Makes complete sense to me.
[This is slightly OT to the issue of inclusion in core, but because I think it's related to the concerns over mis-use or improper use, and because a full understanding of this module is important _to_ the discussion of inclusion into core, I'll include this here at risk of my own peril.] I would say that the description you provided [*] does _not_ make complete sense to me. The author over-uses the words "user", which have different meanings, at different times, in the description and in the administration of Drupal. Granted, it can be tedious to careful avoid confusion in a description of this kind of module (since it's about roles being able to create roles), but great care should be taken to make clear distinctions between "user" and "user" (yes, that's an intentional word duplication here.) Creating some specific language might help here. Some suggestions: - the 'user 1' user ==> Administrator or Super-User - user ==> site user, registered user
I wasn't aware of the module - I'll take a look as I'm delegating that task right now.
How are you doing this without the use of the module, which you've never heard of? Is there some other module or feature which is allowing you to assign a "role assignment" permission to your users? -- inkfree [*] Original description.
RoleAssign introduce the |assign roles| permission. While editing a user's account information, a user with this permission will be able to select roles for the user from a set of available roles. Roles available are configured by users with the |administer access control| permission. Thus, RoleAssign lets site administrators delegate assignment of selected roles.
Draft suggestion for a more thorough description: RoleAssign specifically allows Site Administrators to further delegate the site task of managing User Roles. RoleAssign introduces a new site task permission called |assign roles|. This task permission allows the Site Administrator to grant authority to other Site Users (or Site Users in a Role Group) the ability to further assign roles to still other Site Users. The Site Administrator, or any Site User with access to the |administer access control| task permission, may set up and configure roles which are able to delegated through this module. Incorrect use of this module could compromise site security or could limit the ability of the site administrator from properly administering the Drupal web site. One should have a thorough understanding of the Drupal role-based permission system and of the management of user access permissions before installing this module. For more information about User Roles, Role Groups and managing Access Permission features of Drupal, please see <...>