On 2010-03-10 15:07, Christian Hammond wrote:
Staff means you have the ability to create/delete/modify anything in the
database that you have permissions for (by default, this is everything, I
believe). Superuser means you have it no matter what permissions are set.
You basically have every single permission automatically.
This is a Django thing, and not controlled by Review Board in any way. It
seems like something they should probably prevent. I think the proper thing
to do, though, is to just not give staff members the ability to modify users
by default. I see nothing in Django that prevents modifying this flag
Okay, thanks. Unfortunately that seems like it would defeat the goal of
staff being able to create users and reset passwords :-(.
It seems rather counter-intuitive that the 'may modify users' and
'superuser' flags are effectively synonymous. I guess I should bug
Django about it?
Want to help the Review Board project? Donate today at
Happy user? Let us know at http://www.reviewboard.org/users/
To unsubscribe from this group, send email to
For more options, visit this group at