On 2010-03-10 15:07, Christian Hammond wrote:
Staff means you have the ability to create/delete/modify anything in the
database that you have permissions for (by default, this is everything, I
believe). Superuser means you have it no matter what permissions are set.
You basically have every single permission automatically.

This is a Django thing, and not controlled by Review Board in any way. It
seems like something they should probably prevent. I think the proper thing
to do, though, is to just not give staff members the ability to modify users
by default. I see nothing in Django that prevents modifying this flag

Okay, thanks. Unfortunately that seems like it would defeat the goal of staff being able to create users and reset passwords :-(.

It seems rather counter-intuitive that the 'may modify users' and 'superuser' flags are effectively synonymous. I guess I should bug Django about it?


Want to help the Review Board project? Donate today at 
Happy user? Let us know at http://www.reviewboard.org/users/
To unsubscribe from this group, send email to 
For more options, visit this group at 

Reply via email to