how do i give a user admin panel access without moderator privileges?
  • how do i give a user admin panel access without moderator privileges?

    i have a couple users who help out with some technical stuff and overall forum maintenance, but they are not moderators or admins.

    i do not want to give them access to towing/locking/editing threads, etc...


    but i do want to give them access to specific portions of the admin panel.



    ...i know how to adjust admin privileges, but i can't even get the users to the point of getting admin privileges!!!


    i put them in an entire new usergroup with the option set to "can access control panel (i.e. administrator)" and that still hasn't solved this.
    tehdriven.com

  • #2
    ok before i do something REALLY horrible...


    can i actually set administrator privileges lower than moderator privileges?



    i have basically two admins, myself and my head staff member- but we're both in other user groups; but currently, the admin user group has access to do EVERYTHING.


    ...can i set that so the members can be "additional members" of that user group and essentially only give them access to what i want in the panel, and no moderation abilities on the forum?



    ...in theory it sounds like it will work.
    tehdriven.com



    • #3
      This is not something available in the default settings of vbulletin and, probably, would be a topic more appropriately posted at vbulletin.org, since that is where code modification questions are generally posted.

      By default, if you give someone access to the admincp they can do anything any other administrator can do except edit the "administrator permissions". This "permission" is set by a line in the config.php file, but this doesn't help you create a sub-class of administrator, with some, but not all admin powers.

      You might be able to create a new usergroup which has access to the admincp, but lesser powers than an admin, and make their permissions non-editable in the admincp, except by userid=#1, like administrators themselves.

      Regards,
      Slappy



      • #4
        Originally posted by slappy View Post
        This is not something available in the default settings of vbulletin and, probably, would be a topic more appropriately posted at vbulletin.org, since that is where code modification questions are generally posted.

        By default, if you give someone access to the admincp they can do anything any other administrator can do except edit the "administrator permissions". This "permission" is set by a line in the config.php file, but this doesn't help you create a sub-class of administrator, with some, but not all admin powers.

        You might be able to create a new usergroup which has access to the admincp, but lesser powers than an admin, and make their permissions non-editable in the admincp, except by userid=#1, like administrators themselves.

        Regards,
        that's what i want to do, i want to give another usergroup limited access...


        but i can't figure out how to ?
        tehdriven.com



        • #5
          Like I said, you have to create a usergroup which has admincp access, but does not have those other permissions you don't want them to have and you also have to create a new condition in the config.php file which will, like admin permissions only be changeable by those userids listed in the config.php file.

          The problem is you not only have to stop them from having access to permissions up the ladder, you have to stop them from acquiring permissions of moderators. In other words, you have to prevent them from changing their permissions at all, and I can't think of any way of doing that, other than through something like how they prevent anyone not listed in the config.php file from changing Administrator permissions. However they did that, is how you have to prevent this new group from changing their permissions.

          [EDIT] And you still have the problem that you would have to prevent them from having permission to upload a new config.php file. But if you can't trust these people, they probably shouldn't be in your adminCP anyway.

          Again, vBulletin.org is the place to ask for this code modification.

          Regards,
          Last edited by slappy; Sat 15 Jul '06, 6:24pm.
          Slappy



          • #6
            ok this doesn't make sense... i have 2 users in the same user group (i moved one of my mods into that new user group)... the mod has admin panel access

            but the other doesn't
            tehdriven.com



            • #7
              Originally posted by slappy View Post
              Like I said, you have to create a usergroup which has admincp access, but does not have those other permissions you don't want them to have and you also have to create a new condition in the config.php file which will, like admin permissions only be changeable by those userids listed in the config.php file.

              The problem is you not only have to stop them from having access to permissions up the ladder, you have to stop them from acquiring permissions of moderators. In other words, you have to prevent them from changing their permissions at all, and I can't think of any way of doing that, other than through something like how they prevent anyone not listed in the config.php file from changing Administrator permissions. However they did that, is how you have to prevent this new group from changing their permissions.

              Again, vBulletin.org is the place to ask for this code modification.

              Regards,
              no that's not right.


              only "super administrators" can change admin permission, and that has to be given to users in the config.php file.

              which is covered in vb.com and the manual, vb.org isn't necessary for this quest.
              tehdriven.com



              • #8
                In the Administrators' Permission tab in the Usergroups section of the AdminCP you can click on the tab and, if you are not in the config.php listing, you will see this warning:

                Sorry, you are not allowed to edit administrator permissions.

                If you think you should have permission to access this page, you will need to edit the $config['SpecialUsers']['superadministrators'] variable in the includes/config.php file.

                To allow the administrators to access this page, edit the variable to include the user IDs of those administrators should have access, separating each user ID with a comma, like this:

                $config['SpecialUsers']['superadministrators'] = '1,25,57';

                To allow only a single administrator to access this page, simply add that user's ID with no commas, like this:

                $config['SpecialUsers']['superadministrators'] = '1';

                But, like I said, this doesn't prevent them from adding themselves to the Moderators Usergroup and acquiring those permissions.

                Regards,
                Last edited by slappy; Sat 15 Jul '06, 6:37pm.
                Slappy



                • #9
                  Originally posted by slappy View Post
                  In the Administrators' Permission tab in the Usergroups section of the AdminCp you can click on the tab and, if you are not in the config.php listing, you will see this warning:

                  Sorry, you are not allowed to edit administrator permissions.

                  If you think you should have permission to access this page, you will need to edit the $config['SpecialUsers']['superadministrators'] variable in the includes/config.php file.

                  To allow the administrators to access this page, edit the variable to include the user IDs of those administrators should have access, separating each user ID with a comma, like this:

                  $config['SpecialUsers']['superadministrators'] = '1,25,57';

                  To allow only a single administrator to access this page, simply add that user's ID with no commas, like this:

                  $config['SpecialUsers']['superadministrators'] = '1';

                  But, like I said, this doesn't prevent them from adding themselves to the Moderators Usergroup and acquiring those permissions.

                  Regards,
                  i just added him to the moderators user group and STILL can't give him those permissions.

                  i even made him the moderator of one of our forums (for troubleshooting) and STILL can't change his settings.
                  tehdriven.com



                  • #10
                    I believe you are missing my point. Some of the things you DON'T want this person to do are done by Moderators, correct? If he has AdminCP access, he can create a user, and go to the AdminCP and promote that user to Moderator and that user will have whatever rights Moderators have. He can also promote that user to Administrator and have whatever permissions an Administrator can have, except those limited by the config.php setting.

                    But if he has ftp access, he could, fairly easily upload his own config.php file that eliminates userid #1 from the "superadmin" category and make himself the only "superadmin." He could then put a .htaccess file on the /includes folder so YOU couldn't get back your own copy of a config.php file with YOU as a superadmin. Although, if this person has ftp access, there are ways to prevent HIM from doing such a thing.

                    You aren't being devious enough to consider all the possibilities, which is why you need to CAREFULLY think through how much you trust this person and what you want that person to have access to. For example, if this person has access to the database or phpMyAdmin, who has copies of the backups, in case this individual decides to try to lock you out and nukes the Board?

                    Just nightmares to think about. As they taught in the Army, "Prior Planning Prevents Piss Poor Performance". (The Rule of the 6 P's.)

                    Of course, it's YOUR Board, YOU get to do whatever you want.

                    Regards,
                    Slappy
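
The config.php replacement scenario in post #10 can be watched for by checking the active `superadministrators` value against an approved list. This is an added example, not code from the thread or from vBulletin; the function names, the constructed sample files, the user ID 312 and the parsing rules (last assignment wins, IDs are comma-separated integers) are assumptions.

```python
import re

# Assignment to the key quoted in post #8. Lines commented out with // or #
# never match, because the pattern must begin at the start of a line.
ASSIGN = re.compile(
    r"""^\s*\$config\[\s*['"]SpecialUsers['"]\s*\]\[\s*['"]superadministrators['"]\s*\]"""
    r"""\s*=\s*(['"])(.*?)\1\s*;""",
    re.MULTILINE,
)
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)


def superadmin_ids(config_text):
    """Return (ids, malformed) from the last active assignment in config.php text.

    Assumption: a later assignment overrides an earlier one, as for any PHP variable.
    """
    active = BLOCK_COMMENT.sub("", config_text)  # ignore /* ... */ blocks
    matches = ASSIGN.findall(active)
    ids, malformed = set(), []
    if matches:
        for part in matches[-1][1].split(","):
            part = part.strip()
            if part.isdecimal():
                ids.add(int(part))
            elif part:
                malformed.append(part)  # non-numeric entry: report, do not guess
    return ids, malformed


def audit(config_text, approved):
    """Compare the active super administrator list with the approved set of user IDs."""
    current, malformed = superadmin_ids(config_text)
    return {
        "unexpected": sorted(current - approved),
        "missing": sorted(approved - current),
        "malformed": malformed,
        "ok": current == approved and not malformed,
    }


# Constructed sample: the file as the board owner approved it.
SAMPLE_APPROVED = """<?php
// $config['SpecialUsers']['superadministrators'] = '99';
$config['SpecialUsers']['superadministrators'] = '1,25,57';
"""

# Constructed sample: a replaced file where a later assignment overrides the first.
SAMPLE_REPLACED = """<?php
$config['SpecialUsers']['superadministrators'] = '1,25,57';
/*
$config['SpecialUsers']['superadministrators'] = '1';
*/
$config['SpecialUsers']['superadministrators'] = '57, 312';
"""

if __name__ == "__main__":
    print(audit(SAMPLE_APPROVED, {1, 25, 57}))
    print(audit(SAMPLE_REPLACED, {1, 25, 57}))
```

Run it from a scheduled job against a read-only copy of includes/config.php and alert on any result where `ok` is false.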



                    • #11
                      Originally posted by slappy View Post
                      I believe you are missing my point. Some of the things you DON'T want this person to do are done by Moderators, correct? If he has AdminCP access, he can create a user, and go to the AdminCP and promote that user to Moderator and that user will have whatever rights Moderators have. He can also promote that user to Administrator and have whatever permissions an Administrator can have, except those limited by the config.php setting.

                      But if he has ftp access, he could, fairly easily upload his own config.php file that eliminates userid #1 from the "superadmin" category and make himself the only "superadmin." He could then put a .htaccess file on the /includes folder so YOU couldn't get back your own copy of a config.php file with YOU as a superadmin. Although, if this person has ftp access, there are ways to prevent HIM from doing such a thing.

                      You aren't being devious enough to consider all the possibilities, which is why you need to CAREFULLY think through how much you trust this person and what you want that person to have access to. For example, if this person has access to the database or phpMyAdmin, who has copies of the backups, in case this individual decides to try to lock you out and nukes the Board?

                      Just nightmares to think about. As they taught in the Army, "Prior Planning Prevents Piss Poor Performance". (The Rule of the 6 P's.)

                      Of course, it's YOUR Board, YOU get to do whatever you want.

                      Regards,
                      he doesn't and won't have ftp access, but as long as i can give him ANY admin access, i can limit what he can and can't access as an admin, no?


                      and all i want to allow him to access are styles... he maintains and edits our vendor banner and the styles of the forum.



                      he USED to have access to this, but now doesn't :shifty
                      tehdriven.com



                      • #12
                        There is no default I am aware of which will allow you to pick and choose what portions of the AdminCP are viewable and/or reachable by someone who has AdminCP access. I know of no default which will allow you to give ONLY access to the Style Manager functions to someone.

                        That said, the Style Manager functions are accessed through the vbulletin_templatemgr.js script and the templates.php and replacement.php files that are located in the /clientscript and /admincp folders respectively. It might be possible to do a javascript which would give someone access only to those templates, and the interface which will call the format of the Style Manager for use of those templates. And this individual might also need access to the Language & Phrases Manager. Having both the javascript to create the framework in which the editing is done and the code to do the editing and replacing, it would appear, in theory, to be "possible", but I've been searching and have not found any "hack" which reportedly has done something similar to what you want.

                        For example, this Thread:



                        offered no solution, other than AdminCP access.

                        Regards,
                        Slappy



                        • #13
                          Originally posted by slappy View Post
                          There is no default I am aware of which will allow you to pick and choose what portions of the AdminCP are viewable and/or reachable by someone who has AdminCP access. I know of no default which will allow you to give ONLY access to the Style Manager functions to someone.

                          That said, the Style Manager functions are accessed through the vbulletin_templatemgr.js script and the templates.php and replacement.php files that are located in the /clientscript and /admincp folders respectively. It might be possible to do a javascript which would give someone access only to those templates, and the interface which will call the format of the Style Manager for use of those templates. And this individual might also need access to the Language & Phrases Manager. Having both the javascript to create the framework in which the editing is done and the code to do the editing and replacing, it would appear, in theory, to be "possible", but I've been searching and have not found any "hack" which reportedly has done something similar to what you want.

                          For example, this Thread:



                          offered no solution, other than AdminCP access.

                          Regards,
                          wait, what the hell vb version are you using?


                          admin panel > user groups > administrator permissions



                          you can dictate EXACTLY what permissions in the admin panel you want to give out.


                          my only problem is giving user groups ANY admin permissions unless they're also in the moderator group- and i have ONE member WHO IS a moderator that i can't give ANY admin permissions to?


                          and i even tried making him an admin for about an hour to no luck.


                          this makes NO sense to me.
                          tehdriven.com



                          • #14
                            What you want is not possible. If you make someone admin you can limit their admincp access, not the front-end access.



                            • #15
                              LeftCoastBias:

                              I have 4 versions of vBulletin running on my local machine for testing purposes. I'm looking at the AdminCP provisions in 3.5.4 and 3.6.0 Beta 3 and there are no differences between these two versions on this issue.

                              Review the things you CAN set in the Administrator Usergroup Permissions which have anything to do with Administration Functions. They are in the section labeled, naturally, "Administration Functions" and there are only two selections available:

                              Can Moderate All Forums (is Super Moderator)

                              and

                              Can Access Control Panel (is Administrator)

                              What Floris is telling you, and what I have been trying to tell you, is that if you choose:

                              Can Access Control Panel (is Administrator)= Yes

                              There is no mechanism for LIMITING what the person can do ONCE THEY ARE ACTUALLY IN THE ADMINCP!!!

                              There is NOTHING which lets YOU choose which tabs in the AdminCP they can access. They can access them all, including Users and the ability to access USERS to promote someone as Administrator or Moderator. That's just the way it is. I didn't make the configuration. I'm just telling you how it works.

                              On one of the Forums I help administer, I'm only a Super Moderator, but I have AdminCP access and I just promoted myself to Administrator on the backup of that Forum, running on my local machine, to confirm I could do so. I also am in charge of doing the upgrades on the server and integrating any style edits we have into the Forums before we open an upgrade to the public.

                              I could make myself an Admin anytime I wanted and make myself "non-deletable" in the config.php file I upload for the upgrade, but there is no real point, because I already have essentially as much power as any of the "Administrators" because I already have both AdminCP access and FTP access. There isn't much else to actually give, except the "Title" and, under the circumstances, that is not meaningful. But I don't need FTP access to delete ALL the Threads and Posts. I only need AdminCP access.

                              But if they can't trust me with AdminCP access and/or FTP access, we all are already in trouble. The only ultimate safety is protection and distribution of daily back-ups, so that if disaster or insanity strikes, someone has a back-up which contains nearly all the data and style information up to the previous day and it can be restored or moved to a new forum without too much grief.

                              The rest is just wishful thinking and keeping one's fingers crossed. Even good and true intentions sometimes lead to disaster and can be rectified only with a good back-up, properly restored. That's just the way life is, moving West. No wait, we are already as far West as we can get in the lower 48.

                              Regards,
                              Slappy
