Announcement

Updates to the Moderator primary role - removed ability for moderators to grant/revoke roles

  • 8 January 2019
  • 7 replies
  • 228 views

Userlevel 7
Badge +1
We've released a small update to the Moderator primary role. Read on for more details!

What's changed?

  • Moderators can no longer (by default) grant/revoke roles for any users. This includes both primary and custom roles.
  • Moderators no longer have access to the 'Custom User Roles' section in Control.


Why has this changed?

  • Moderators were able to escalate their own role to Administrator. We believe moderators should not be able to autonomously gain access to Administrator privileges 🙂.


I don't like this change. How can I make things go back to the way they were for my moderators?

  • We understand not everyone is keen on this change, and that's fine; our challenge is to provide a system that's flexible enough for everyone's needs.
  • If you want to give your moderators the ability to grant/revoke primary/custom roles again, all you have to do is set up a custom user role with the 'Users' permission enabled. Apply this custom user role to your moderators and you're good to go.

What other changes are in the pipeline?

  • We're also looking into removing further permissions from the moderator role.
  • Just like this change, you'll be able to reenable the vast majority of them through custom user roles.
Here's the draft list of permissions that we plan to remove from the moderator role by default (all of these can be reenabled through custom user roles, should you want your moderators to keep on having access to them):
  • Analytics
  • General settings
  • Forum settings
  • System configuration
  • Appearance
  • Embeddable widgets settings
Let us know your feedback in the comments below!

7 replies

Userlevel 7
Badge +1
PS - sorry for the lack of notice about this change - it was deployed a bit faster than anticipated! We'll be sure to provide advance notice for other changes to permissions.
Userlevel 5
Badge +3
You just caused our test mods a heart attack ;)

They change user roles on a daily basis and came running to me.
I made a custom role now, but I really would love more of an early warning system in this.

Cheers,
Userlevel 7
Badge +1
You just caused our test mods a heart attack ;)

They change user roles on a daily basis and came running to me.
I made a custom role now, but I really would love more of an early warning system in this.

Cheers,


My personal apologies to you and the test mods Ronald!
Userlevel 7
Badge +3
@daniel.boon Was this something your customers requested??
Userlevel 7
Badge +1
Hey Darran,

Yes this was prompted by requests from customers (here on inSpired, and also via support).

The changes are aimed to make the permissions more flexible, and more secure: right now moderator permissions are very much 'all or nothing', so customers who want to give fewer permissions have no viable way to achieve this. However, those who want to give moderators full access can continue do so via custom user roles.
Userlevel 7
Badge +3
Ok @daniel.boon thanks for the update. Hadn't seen this post.

I've created a custom role now so back to normal on our side.
Userlevel 7
Badge +1
Good to hear Darran! Sorry for any inconvenience caused (esp. due to our inSpired notifications not sending!!!)

Reply