Regular user can modify admin permissions and password

Hi there.

Playing with the user access levels in Grav, I realize that when a user is assigned the permission to manage users (create, update, list, etc.), they can change the permissions and password of the admin user.

How can you set different permission levels to manage users without a lower level user modifying a higher level user?

Is there a way to define user access level? I mean on code side - how would Grav know which is higher or lower level user?

Hello,
The Grav super admin user is the user who performs the first install and is identified by a crown icon within the user options in the admin panel. Also, if you assign super admin permissions to any other user, their icon changes to a crown.

I find the entire user permission system backwards. You have to restrict a user to give access; see post.

Hi @yehudac

I understand what you are saying, but the problem I raise is the following. If you give a user permissions to manage other users, they can switch to the super admin user (which is the first one created when Grav is installed). I think there should be some way to establish permission hierarchy for users so that a lower level user cannot manage the permissions of a higher level user.
For example, a level 1 user (below the super administrator), could have permissions to manage users (create, modify, etc) but always at a lower level than himself, never other higher level users.

I think it’s a difficult question at the moment, although it would be nice to implement this option in Grav.


A likely scenario to explain this would be the following:

I have to create a user, for example, Editor level 1, who can create users and give them permission to access different pages of the site. This level 1 Editor user should not be able to change either the password or the permissions of the Super Administrator user, but this does not actually work like that.
If I give this Level 1 Editor user permissions to manage users, it can change to the Super Administrator user.

This is the current setting for this user so that they can access Admin, but cannot manage users:

groups:
  - EditoresN1
access:
  site:
    login: true
  admin:
    login: true
    super: false
    cache: true
    configuration: false
    pages:
      delete: false
    statistics: false
    plugins: false
    tools: false
    users:
      create: false
      read: true
      update: false
      delete: false
      list: true
    flex-objects:
      list: true

If admin.super is false and users.create or users.update is true, the Level 1 Editor should not be able to change the Super user’s password or permissions.
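The hierarchy rule asked for in this thread (a user who may manage users can only act on users strictly below their own level, and can never hand out permissions they do not hold themselves) can be modelled as a small authorization check over the same nested `access` maps shown in the YAML above. The following is an added example and is not Grav's code or a Grav plugin hook; the `rank` levels, the function names and the sample access maps (the editor map is the post's YAML with `users.create`/`users.update` switched on, the "author" map is constructed) are all assumptions made here to illustrate the check.

```python
"""Added example: a hierarchy check for user management, modelled on Grav's
nested `access` maps. Not Grav's own code; the rank scheme is an assumption."""
from typing import Any, Dict, Set, Tuple

Access = Dict[str, Any]


def get_flag(access: Access, path: str) -> bool:
    """Look up a dotted path such as 'admin.users.update'; anything missing is False."""
    node: Any = access
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return False
        node = node[part]
    return node is True


def flatten(access: Access, prefix: str = "") -> Set[str]:
    """Return the set of dotted paths that are explicitly granted (value is True)."""
    granted: Set[str] = set()
    for key, value in access.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            granted |= flatten(value, path + ".")
        elif value is True:
            granted.add(path)
    return granted


def rank(access: Access) -> int:
    """Assumed level scheme: 2 = super admin, 1 = may manage users, 0 = everyone else."""
    if get_flag(access, "admin.super"):
        return 2
    if any(get_flag(access, f"admin.users.{op}") for op in ("create", "update", "delete")):
        return 1
    return 0


def can_modify_user(actor: Access, target: Access,
                    new_target: Access = None) -> Tuple[bool, str]:
    """Decide whether `actor` may change `target` (optionally into `new_target`).

    Rules: super admin may do anything; otherwise the actor needs
    admin.users.update, the target must rank strictly below the actor, and the
    resulting permissions may contain nothing the actor does not hold itself.
    """
    if get_flag(actor, "admin.super"):
        return True, "actor is super admin"
    if not get_flag(actor, "admin.users.update"):
        return False, "actor lacks admin.users.update"
    if rank(target) >= rank(actor):
        return False, "target is not below the actor's level"
    if new_target is not None:
        if rank(new_target) >= rank(actor):
            return False, "change would raise the target to the actor's level or above"
        escalated = flatten(new_target) - flatten(actor)
        if escalated:
            return False, "actor cannot grant " + ", ".join(sorted(escalated))
    return True, "ok"


# Constructed sample access maps (the editor map follows the post's YAML, with
# users.create and users.update enabled so the user can actually manage users).
SUPER_ADMIN: Access = {"site": {"login": True}, "admin": {"login": True, "super": True}}
EDITOR_N1: Access = {
    "site": {"login": True},
    "admin": {
        "login": True, "super": False, "cache": True, "configuration": False,
        "pages": {"delete": False}, "statistics": False, "plugins": False, "tools": False,
        "users": {"create": True, "read": True, "update": True, "delete": False, "list": True},
        "flex-objects": {"list": True},
    },
}
AUTHOR: Access = {"site": {"login": True}, "admin": {"login": True, "pages": {"read": True}}}

if __name__ == "__main__":
    print("editor -> super admin:", can_modify_user(EDITOR_N1, SUPER_ADMIN))
    print("super admin -> editor:", can_modify_user(SUPER_ADMIN, EDITOR_N1))
    print("editor -> author:", can_modify_user(EDITOR_N1, AUTHOR))
    print("editor grants super:", can_modify_user(EDITOR_N1, AUTHOR, SUPER_ADMIN))
```

With the post's editor map, `can_modify_user(EDITOR_N1, SUPER_ADMIN)` is denied because the super admin ranks above the editor, and an attempt to hand `admin.super` to a lower user is denied both by the rank comparison and by the subset check, which is the behaviour the thread expects from `admin.super: false` combined with `users.update: true`.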