[wp-trac] [WordPress Trac] #5942: Add Owner role
WordPress Trac
wp-trac at lists.automattic.com
Sat Apr 9 21:17:48 UTC 2011
#5942: Add Owner role
-----------------------------+-----------------------------
Reporter: tellyworth | Owner:
Type: feature request | Status: reopened
Priority: normal | Milestone: Future Release
Component: Role/Capability | Version: 3.1
Severity: normal | Resolution:
Keywords: needs-patch |
-----------------------------+-----------------------------
Comment (by nacin):
My thoughts after a discussion with Jane:
- Having an'Owner role would be beneficial for two reasons. 1, it would
establish a link between a single admin account and the admin_email, thus
improving that UI/UX. 2, by locking down ownership transfer, this is nice
for security and site theft.
- The second part is primarily beneficial for multisites. It is also
feasible only in multisite, unless you lock down plugin/theme installation
(and probably upgrades) as well as the file editors to non-owners.
- An Owner role probably shouldn't be a role. It'd be much easier to bolt
it onto the capabilities system similar to super admins.
- You could allow for an Owner to be specified in wp-config, which would
then hide any UI for transferring ownership. Note that this wouldn't
remove the requirement to disable file editors and installation, as you
could easily inject a shell.
- I would think that Owner would be a nice feature to have for single-
site -- it sounds like it should be an optional, opt-in way to link an
account to the admin_email, and once that happens, the admin_email field
would just go away for that site. For multisite, it could be enforceable
at the network level for new sites. It sounds like it would get more use
at the multisite level (the feature kind of sounds like the admin bar in
that regard).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/5942#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list