The problem:
I was thinking of how to handle a site with many users and several story editors and user admins.

Lets say it is a small sports club and there is me, the technical root admin, there is 1 chief editor (story and user admin), 5 general editors (story admins), 1 treasurer (user admin), 200 known members of the club (group-football), 2000 fans (group-fans).

A) What are the most dangerous things admins can do (accidentally)? It is less a matter of faith it is rather accounts being hacked or unexperienced admins doing wrong steps.

- Deleting topics is most dangerous as they also delete all the stories.
- Mass deleting users could be a massive problem too.

Anything else that is not repairable?

There is alsready the config variable "onlyrootfeatures". What do you think of the possible settings only root may batchdelete users or delete topics?

Would the best solution be to make user.mass.delete and topic.delete separate rights?
There is a feature request [#563] "topic.delete should be a separate right" .
http://project.geeklog.net/tracker/index.php?func=detail&aid=563&group_id=6&atid=108


I noticed that user admins cannot add a user to a goup say "group-football" if they are not group admins. I don`t really want to make the user admin also group admin. Is there a chance to give user admins the right to add or delete users to groups but not be group managers? I think this is quite logical, isn`t it?


C) Unfortunately all email notifications go to the root admin. This should be routable to the various admins.

I'm always in favor of finer grain rights.
In this case a "group.assign" feature is probably a better method. You don't necessarily want all your user.admins assigning group membership. I would say group.edit presume group.assign or that could be configured via $_CONF. You should make a feature request for this. Others probably could use it.
I've seen this on the forums before, I think. Again, make a feature request.

Thanks for your feedback.

As for me I think that the user admin should always be able to assign users to groups. That`s quite normal and daily business. Somebody signs up and has to be assigned to a group. Whereas editing a group is extremely rare and more a task that an admin does once a year.

Anyone else runing a 'big' site and thinking about possible problems or more usability? :kickcan:

I just noticed that with xoops it is the group manager who assigns a group to a block. In Geeklog it is the block admin.

Well, if the block admin and the story admin both assign groups to either blocks or stories then the user admin should logically be able to assign groups to a user.