Hello fellow Djangonauts, I hit a problem with user permissions within the Django admin area. The other day I gave a user add/edit/delete user permissions so that they could manage staff access on the websites. However, in doing this that particular user is now able to create other users with greater permissions than himself, even promoting others to superuser status. Furthermore that user could also turn himself super by editing his own profile. Has anyone come across this problem? Is there a workaround? I assume there is a way to lock user permissions so one cannot promote oneself or others beyond ones allocated permission level?
Thanks. -- Ca-Phun Ung --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
