mahara-contributors team mailing list archive

Thread
Date

[Bug 868591] Re: Creating Administrator User

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: François Marier <francois@xxxxxxxxxx>
Date: Wed, 05 Oct 2011 22:31:14 -0000
Reply-to: Bug 868591 <868591@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Thanks for the suggestion Mario.

At the moment, the main way that people use to restore someone's admin
privileges and remove them from a rogue admin is to set the right flag
in the database directly.

** Changed in: mahara
       Status: New => Triaged

** Changed in: mahara
   Importance: Undecided => Wishlist

** Visibility changed to: Public

** This bug is no longer flagged as a security vulnerability

** Summary changed:

- Creating Administrator User
+ Creating a Super Administrator User

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/868591

Title:
  Creating a Super Administrator User

Status in Mahara ePortfolio:
  Triaged

Bug description:
  Hi,

  One of the issues I have seen when creating multiple admins in
  platforms from Joomla to Wordpress is administrative lockouts caused
  by administrative errors( or administrative lockouts.) Of course, we
  learn to use the administrator account for installation only, and then
  create another admin user. Here is the problem with Mahara:

  Once an admin is created...there's no root admin!

  Each admin has the same rights and privileges. This can lead to an
  admin hijacking the entire platform!

  I was able to do this to myself in testing to see if it can be done.

  Please examine administrative rights and permissions schema's similar
  to Drupal or Tikiwiki.

  Thank you!

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/868591/+subscriptions