I'm struggling with a particular configuration problem.

I've got three classes of users... Ones that can work on reviews, ones that can 
do anything (superusers), and ones I want to restrict to being able to muck 
around with the admin/database models for changesets, diffs, and reviews.

The "Staff" setting is almost perfect for this in-between role, in that it 
appears that I can set up a group that staff members belong to, and give 
specific permissions to them.  Notably, I can prevent them from changing 
authorization config, scmtools, sites, and siteconfig. That fixes everything 
under ./admin/db area, however, the staff members can still see the 
./admin/settings/... URLs, and even change them.

Is there any way to block the settings (general, authentication, e-mail, ... ) 
from staff users? Or at least prevent them from making changes? I've been 
digging around the code, and haven't figured it out.

I'm okay with making patches to my local copy, if that's what it takes.


Want to help the Review Board project? Donate today at 
Happy user? Let us know at http://www.reviewboard.org/users/
To unsubscribe from this group, send email to 
For more options, visit this group at 

Reply via email to