We've released a small update to the Moderator primary role. Read on for more details!
What's changed?
- Moderators can no longer (by default) grant/revoke roles for any users. This includes both primary and custom roles.
- Moderators no longer have access to the 'Custom User Roles' section in Control.
Why has this changed?
- Moderators were able to escalate their own role to Administrator. We believe moderators should not be able to autonomously gain access to Administrator privileges 🙂.
I don't like this change. How can I make things go back to the way they were for my moderators?
- We understand not everyone is keen on this change, and that's fine; our challenge is to provide a system that's flexible enough for everyone's needs.
- If you want to give your moderators the ability to grant/revoke primary/custom roles again, all you have to do is set up a custom user role with the 'Users' permission enabled. Apply this custom user role to your moderators and you're good to go.
What other changes are in the pipeline?
- We're also looking into removing further permissions from the moderator role.
- Just like this change, you'll be able to reenable the vast majority of them through custom user roles.
Here's the draft list of permissions that we plan to remove from the moderator role by default (all of these can be reenabled through custom user roles, should you want your moderators to keep on having access to them):
- Analytics
- General settings
- Forum settings
- System configuration
- Appearance
- Embeddable widgets settings
Let us know your feedback in the comments below!
